using something other than entityID to identify SP to IdP
peter.schober at univie.ac.at
Wed Dec 16 14:02:08 EST 2015
* Liam Hoekenga <liamr at umich.edu> [2015-12-16 19:57]:
> I don't see anything in the authn request, and referrer isn't
> exactly reliable / trustworthy.
That's all you got, really: If there's nothing in the SAML protocol
message and you don't trust the browser (you shouldn't, of course; the
scenatio of course depends on what different behaviour you intend to
display on guessing at the SP that way) what else could there be?
More information about the users