PasswordProtectedTransport Authentication with MCB
Cantor, Scott
cantor.2 at osu.edu
Mon Jul 6 21:54:10 EDT 2015
On 7/6/15, 8:43 PM, "users on behalf of IAM David Bantz" <users-bounces at shibboleth.net on behalf of dabantz at alaska.edu> wrote:
>
>BUT the vendor insists they have configured "40 plus" institutions this way and cannot readily change either the destination to POST/SSO or change the binding to Redirect.
They're wrong, since that would never work.
>In discussion, they invoked the name "Scott Cantor" as having worked with them on their first Shibboleth integration that set up this configuration. I'm just reporting!
Since I don't know who this is, I can't exactly refute it, but I will anyway. They're wrong.
>In any case, SOME change was made at the vendor end and my IdP is now provides a SAML response to their request (at least it responds for my account using MCB/Duo MFA).
> Yet, as I can verify directly, the SAML POST request is still sent to the IdP's Redirect
> end point.
That can't be true, so you're misreading it. That just doesn't work.
>If it doesn't matter where the request is sent, why do we bother with the different end points?
It does matter. Our implementation does not overload endpoints.
-- Scott
More information about the users
mailing list