Cantor, Scott cantor.2 at
Thu Dec 10 14:14:40 EST 2015

On 12/10/15, 2:10 PM, "users on behalf of Brent Putman" <users-bounces at on behalf of putmanb at> wrote:

>Ignoring may not be what you want, but that should at least allow the SP to accept what the IdP is sending.  Maybe that's good enough for your needs.

To be explicit: the Browser SSO profile (which is what we're talking about here) requires that the assertion be processed as though the OneTimeUse condition were present. So it doesn't imply anything else the SP needs to know about and ignoring it is fine.

-- Scott

More information about the users mailing list