understanding response to SOAP attribute query

Michael A Grady mgrady at unicon.net
Thu Oct 23 22:28:23 EDT 2014


On Oct 23, 2014, at 3:26 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 10/23/14, 4:12 PM, "db at alaska.edu" <dabantz at alaska.edu> wrote:
>> 
>> I had had to define a custom relying party config for Transact, in which
>> I included the SSO profile - the only one I thought needed.  Given my
>> belated realization that their process relies on a follow-up attribute
>> query, I needed the AttributeQuery profile
>> added to that custom relying party config.
> 
> Why would it need that?

When you look at what you can configure vis-a-vis SAML integration with Transact, you can speculate on why they do that. They don't store a certificate for your IdP, which complicates trusting the front channel response.

> 
> I've never heard of anything but Shibboleth doing queries, and we don't
> query if you push them.
> 
> -- Scott
> 


--
Michael A. Grady
Senior IAM Consultant, Unicon, Inc.



More information about the users mailing list