cantor.2 at osu.edu
Thu Dec 10 14:14:40 EST 2015
On 12/10/15, 2:10 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>Ignoring may not be what you want, but that should at least allow the SP to accept what the IdP is sending. Maybe that's good enough for your needs.
To be explicit: the Browser SSO profile (which is what we're talking about here) requires that the assertion be processed as though the OneTimeUse condition were present. So it doesn't imply anything else the SP needs to know about and ignoring it is fine.
More information about the users