SAML1 for particular Relying Party within a federation

Keith Carr kecarr at sgul.ac.uk
Thu May 14 07:30:39 EDT 2015



-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 11 May 2015 15:01
To: Shib Users
Subject: Re: SAML1 for particular Relying Party within a federation

On 5/11/15, 7:49 AM, "Keith Carr" <kecarr at sgul.ac.uk> wrote:

>With the recent vulnerabilities exposed within the TLS/SSL protocols (POODLE) we tightened up server configs, including setting Tomcat to work with TLS 1.0 as a minimum requirement. However, we have found doing so “breaks” SAML1.x assertion exchange with one of the SPs (Ovid). It seems like they are some time away from addressing the security vulnerability themselves and moving to SAML2.x.
>To be honest, with what you’ve said now I think I’ve realised there’s no way around it until they have applied updates.

I'm not following how this implies the subject line. They're already using SAML 1, so why force it?

Your issue here is apparently with the query support, in which case you can just push attributes for that one SP to work around it.

  Hi Scott,
  How is that (push attributes) accomplished for just one SP?

  Thanks, Keith

-- Scott
