using something other than entityID to identify SP to IdP

Peter Schober peter.schober at
Wed Dec 16 14:02:08 EST 2015

* Liam Hoekenga <liamr at> [2015-12-16 19:57]:
> I don't see anything in the authn request, and referrer isn't
> exactly reliable / trustworthy.

That's all you got, really: If there's nothing in the SAML protocol
message and you don't trust the browser (you shouldn't, of course; the
scenatio of course depends on what different behaviour you intend to
display on guessing at the SP that way) what else could there be?

More information about the users mailing list