Embedded Discovery Service With Custom Service Provider.
Cantor, Scott
cantor.2 at osu.edu
Tue May 12 09:54:13 EDT 2015
On 5/12/15, 8:56 AM, "Surinaidu Majji" <pioneer.suri at gmail.com> wrote:
>
> Yes i understand contar, the format is HTTP GET, Since we are not using Shibboleth SP, Our worry is about "any body who knows entityId can get the idp metadata(discofeed) from the Our non shibboleth SP".
Metadata is not secret, and the feed the EDS uses can't be secret since it has to be served to the client. It's public by definition.
> How can we make it secure. because we are not
> using "Identity Provider Discovery Service Protocol and Profile" as you mentioned in the "specification, it's here [1]."
This has nothing to do with that spec. How you drive a UI to do discovery is not covered by that.
-- Scott
More information about the users
mailing list