SAML1 for particular Relying Party within a federation
cantor.2 at osu.edu
Mon May 11 10:00:37 EDT 2015
On 5/11/15, 7:49 AM, "Keith Carr" <kecarr at sgul.ac.uk> wrote:
>With the recent vulnerabilities exposed within the TLS/SSL protocols (POODLE) we tightened up server configs, including setting Tomcat to work with TLS 1.0 as a minimum requirement. However, we have found doing so “breaks” SAML1.x assertion exchange with one of the SPs (Ovid). It seems like they are some time away from addressing the security vulnerability themselves and moving to SAML2.x.
>To be honest, with what you’ve said now I think I’ve realised there’s no way around it until they have applied updates.
I'm not following how this implies the subject line. They're already using SAML 1, so why force it?
Your issue here is apparently with the query support, in which case you can just push attributes for that one SP to work around it.