sp services limit

Jeremy Shapiro jnshapiro at gmail.com
Sun Apr 10 00:40:10 EDT 2016

I don't have control over the policies of the IdP.

I don't understand "each SSO role in metadata would not need a lot of

Each one of my applications has the following endpoints:
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="

And that's just the SIngleLogoutService.  I also have 6 endpoints for the
AssertionConsumerService.  50 apps (some of which are test) with 10
endpoints per app.

On Fri, Apr 8, 2016 at 3:16 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> > That's self-contradicting. You say the SP has many entityIDs, so if
> that's true,
> > each SSO role in metadata would not need a lot of endpoints.
> My underlying point is that validating endpoints isn't terribly efficient
> in the IdP if it's walking a list of 500 of them, though it wouldn't be
> noticeable until you get bigger I imagine. If you're going to do that, just
> sign your requests and skip the endpoint validation in the IdP.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160410/83399048/attachment.html>

More information about the users mailing list