SAML1 for particular Relying Party within a federation

Cantor, Scott cantor.2 at
Mon May 11 10:00:37 EDT 2015

On 5/11/15, 7:49 AM, "Keith Carr" <kecarr at> wrote:

>With the recent vulnerabilities exposed within the TLS/SSL protocols (POODLE) we tightened up server configs, including setting Tomcat to work with TLS 1.0 as a minimum requirement. However we have found doing so “breaks” SAML1.x assertion exchange with one of the SPs (Ovid). It seems like they are some time away from addressing the security vulnerability themselves and moving to SAML2.x.
>To be honest, with what you’ve said now I think I’ve realised there’s no way around it until they have applied updates.

I'm not following how this implies the subject line. They're already using SAML 1, so why force it?

Your issue here is apparently with the query support, in which case you can just push attributes for that one SP to work around it.

-- Scott
