using something other than entityID to identify SP to IdP

[Peter Schober]

* Liam Hoekenga <liamr at umich.edu> [2015-12-16 19:57]:
> I don't see anything in the authn request, and referrer isn't
> exactly reliable / trustworthy.

That's all you got, really: If there's nothing in the SAML protocol
message and you don't trust the browser (you shouldn't, of course; the
scenatio of course depends on what different behaviour you intend to
display on guessing at the SP that way) what else could there be?
-peter