OneTimeUse
Cantor, Scott
cantor.2 at osu.edu
Thu Dec 10 14:02:30 EST 2015
On 12/10/15, 1:47 PM, "users on behalf of kripp" <users-bounces at shibboleth.net on behalf of kripp at compsych.com> wrote:
>To enforce that the SP is checking for replays.
It doesn't mean that and wouldn't accomplish that. And assertion replay checking is a) ignored by lots of implementations but b) explicitly required. If you ignored it, you aren't going to start doing it because a condition nobody uses shows up.
>Obviously Shibboleth does
>this already but I guess it is a safeguard.
It won't accomplish that.
> I misread the documentation at
>https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPPolicyRule. I
>thought by adding <PolicyRule type="OneTimeUse"/> it would accept the
>condition, but it doesn't appear to be working.
It doesn't say do that, though. The example there should be clear:
<PolicyRule type="Ignore">saml2:OneTimeUse</PolicyRule>
> Is there any way to add a
>PolicyRule so that this will be taken? It doesn't appear the post below was
>ever answered.
It was answered, with the same answer. The documentation is correct and explicit.
-- Scott