[ECP] non-GET initial requests via the ECP

Marek Denis marek.denis at gmail.com
Wed May 14 17:54:28 EDT 2014

2014-05-14 20:55 GMT+02:00 Cantor, Scott <cantor.2 at osu.edu>:
> On 5/14/14, 2:21 PM, "Marek Denis" <marek.denis at gmail.com> wrote:
>>Can I access protected resources with methods other than GET, and be
>>sure the content from that body will get to the http server after the
>>user gets authenticated with saml protocol?
> For ECP, that's up to the client.

Putting your both answers together I am guessing the ECP client must
somehow guess whether it's authenticated and only after it is, it can
send some data via calls like POST/PUT HTTP methods, right? Can I
initially start with a POST HTTP and in case I am not authenticated I
will get SOAP SAML2 authn request?

>>Let's say i protect /secure url and normally my server expects some
>>data sent via POST/PUT HTTP methods. By initiating a request with the
>>data I will get back a SOAP message, get the IdP, authenticate myself,
>>get SAML assertion, POST it to the SP again. Any way to inject my
>>completely custom data into this auth workflow?
> No.
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

Marek Denis

More information about the users mailing list