SAML1 for particular Relying Party within a federation

Keith Carr kecarr at
Thu May 14 07:30:39 EDT 2015

-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: 11 May 2015 15:01
To: Shib Users
Subject: Re: SAML1 for particular Relying Party within a federation

On 5/11/15, 7:49 AM, "Keith Carr" <kecarr at> wrote:

>With the recent vulnerabilities exposed within the TLS/SSL protocols (POODLE) we tightened up server configs, including setting Tomcat to work with TLS 1.0 as a minimum requirement. However we have found doing so “breaks” SAML1.x assertion exchange with one of the SPs (Ovid). It seems like they are some time away from addressing the security vulnerability themselves and moving to SAML2.x.
>To be honest, with what you’ve said now I think I’ve realised there’s no way around it until they have applied updates.

I'm not following how this implies the subject line. They're already using SAML 1, so why force it?

Your issue here is apparently with the query support, in which case you can just push attributes for that one SP to work around it.

  Hi Scott,
  How is that (push attributes) accomplished for just one SP?

  Thanks, Keith

-- Scott
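
As an added illustration (not part of the original thread, and not the posters' own configuration): in Shibboleth IdP 2.x, attribute push for a single SP is normally done with a per-SP `RelyingParty` override in `relying-party.xml` that sets `includeAttributeStatement="true"` on the SAML 1 `ShibbolethSSOProfile`. The IdP version is not stated in the thread, so 2.x is an assumption, and both entityIDs below are placeholders.

```xml
<!-- relying-party.xml (Shibboleth IdP 2.x assumed). The rp:, saml: and xsi:
     prefixes are the ones already declared at the top of the stock file. -->

<!-- Stock default, shown for comparison: the SAML 1 SSO response carries no
     attribute statement, so the SP must call back to the IdP with an
     attribute query to obtain attributes. -->
<rp:DefaultRelyingParty provider="https://idp.example.org/idp/shibboleth"
                        defaultSigningCredentialRef="IdPCredential">
    <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
                             includeAttributeStatement="false"
                             assertionLifetime="PT5M"
                             signResponses="conditional"
                             signAssertions="never"/>
    <!-- remaining default profile configurations stay as they are -->
</rp:DefaultRelyingParty>

<!-- Override for one SP only. The id is that SP's entityID as it appears in
     federation metadata (placeholder value here). With
     includeAttributeStatement="true" the attributes travel in the SSO
     assertion through the browser, so this SP no longer depends on the
     back-channel attribute query. -->
<rp:RelyingParty id="https://sp.example.com/shibboleth"
                 provider="https://idp.example.org/idp/shibboleth"
                 defaultSigningCredentialRef="IdPCredential">
    <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
                             includeAttributeStatement="true"
                             assertionLifetime="PT5M"
                             signResponses="conditional"
                             signAssertions="never"/>
    <!-- An override does not inherit the default's profile list: add any
         other ProfileConfiguration elements this SP still needs. -->
</rp:RelyingParty>
```

Which attributes are actually pushed is still decided by the attribute filter policy for that SP; the override changes only how they are delivered. Every other relying party keeps the default behaviour.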
