sp services limit
Jeremy Shapiro
jnshapiro at gmail.com
Sun Apr 10 00:40:10 EDT 2016
I don't have control over the policies of the IdP.
I don't understand "each SSO role in metadata would not need a lot of
endpoints".
Each one of my applications has the following endpoints:
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="
https://myapp1/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
https://myapp1/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
https://myapp1/Shibboleth.sso/SLO/POST"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="
https://myapp1/Shibboleth.sso/SLO/Artifact"/>
And that's just the SIngleLogoutService. I also have 6 endpoints for the
AssertionConsumerService. 50 apps (some of which are test) with 10
endpoints per app.
On Fri, Apr 8, 2016 at 3:16 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > That's self-contradicting. You say the SP has many entityIDs, so if
> that's true,
> > each SSO role in metadata would not need a lot of endpoints.
>
> My underlying point is that validating endpoints isn't terribly efficient
> in the IdP if it's walking a list of 500 of them, though it wouldn't be
> noticeable until you get bigger I imagine. If you're going to do that, just
> sign your requests and skip the endpoint validation in the IdP.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160410/83399048/attachment.html>
More information about the users
mailing list