Embedded Discovery Service With Custom Service Provider.

Cantor, Scott cantor.2 at osu.edu
Tue May 12 09:54:13 EDT 2015

On 5/12/15, 8:56 AM, "Surinaidu Majji" <pioneer.suri at gmail.com> wrote:
> Yes i understand contar, the format is HTTP GET, Since we are not using Shibboleth SP, Our worry is about "any body who knows entityId can get the idp metadata(discofeed) from the Our non shibboleth SP".

Metadata is not secret, and the feed the EDS uses can't be secret since it has to be served to the client. It's public by definition.

> How can we make  it  secure. because we are not
> using "Identity Provider Discovery Service Protocol and Profile" as you mentioned in the  "specification, it's here [1]."

This has nothing to do with that spec. How you drive a UI to do discovery is not covered by that.

-- Scott

More information about the users mailing list