OneTimeUse
Cantor, Scott
cantor.2 at osu.edu
Thu Dec 10 14:14:40 EST 2015
On 12/10/15, 2:10 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>Ignoring may not be what you want, but that should at least allow the SP to accept what the IdP is sending. Maybe that's good enough for your needs.
To be explicit: the Browser SSO profile (which is what we're talking about here) requires that the assertion be processed as though the OneTimeUse condition were present. So it doesn't imply anything else the SP needs to know about and ignoring it is fine.
-- Scott
More information about the users
mailing list