understanding response to SOAP attribute query
Michael A Grady
mgrady at unicon.net
Thu Oct 23 22:28:23 EDT 2014
On Oct 23, 2014, at 3:26 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 10/23/14, 4:12 PM, "db at alaska.edu" <dabantz at alaska.edu> wrote:
>>
>> I had had to define a custom relying party config for Transact, in which
>> I included the SSO profile - the only one I thought needed. Given my
>> belated realization that their process relies on a follow-up attribute
>> query, I needed the AttributeQuery profile
>> added to that custom relying party config.
>
> Why would it need that?
When you look at what you can configure vis-a-vis SAML integration with Transact, you can speculate on why they do that. They don't store a certificate for your IdP, which complicates trusting the front channel response.
>
> I've never heard of anything but Shibboleth doing queries, and we don't
> query if you push them.
>
> -- Scott
>
--
Michael A. Grady
Senior IAM Consultant, Unicon, Inc.
More information about the users
mailing list