Specifying relayState to pass plain URL format for SLO in SP settings
Gernot Hassenpflug
gernot.hassenpflug at asahinet.com
Tue Apr 26 22:48:08 EDT 2016
"Cantor, Scott" <cantor.2 at osu.edu> writes:
>> I don't remember why we chose years ago to set relayState="ss:mem" in
>> the <Sessions> element when moving to the new configuration file format:
>> it could have been taken from an example file perhaps.
>
> AFAIK, that's still the default. Setting it differently for different
> profiles isn't typical, so setting it in the Sessions element is the
> normal way of globally altering it.

Hello Scott,

Thank you for that confirmation and extra information.

>> We are not going to change the settings for other SPs, if there is no
>> pressing reason to remove relayState="ss:mem" from <Sessions>. If
>> someone has a good argument for leaving it at the default, I would be
>> happy to bring it up at management level and make that change (the more
>> defaults the easier to manage our own changes).
>
> You have to distinguish between "default if not set" and "default as
> shipped". The shipping default now is ss:mem, that is the
> recommendation. It is NOT recommended to expose resource URLs in
> RelayState, and it isn't even legal, strictly speaking, RelayState is
> limited to 80 bytes.

Great, that is a critical point. I have informed the customer IdP administrator
of that, as well as our management. We will certainly not be going down
that path further!

Best regards,
Gernot Hassenpflug
--
Asahi Net, Inc.
Tokyo, Japan
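
An added example, not part of the original message or of the Shibboleth project's code: a Python check for the two points in the quoted advice, that <Sessions> carries relayState="ss:mem" without per-handler overrides, and that a RelayState value stays within 80 bytes and is not a plain resource URL. The sample configuration, host names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MAX_RELAYSTATE_BYTES = 80  # limit cited in the thread

# Constructed sample, not a real deployment's shibboleth2.xml.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions lifetime="28800" timeout="3600" relayState="ss:mem">
      <SSO entityID="https://idp.example.org/idp/shibboleth"
           relayState="cookie">SAML2</SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

def local(tag):
    """Strip the XML namespace so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def audit_config(xml_text):
    """Return findings about relayState settings under each <Sessions>."""
    findings = []
    root = ET.fromstring(xml_text)
    for sessions in (e for e in root.iter() if local(e.tag) == "Sessions"):
        glob = sessions.get("relayState")
        if glob is None:
            findings.append("Sessions: relayState not set, 'default if not set' applies")
        elif glob != "ss:mem":
            findings.append(f"Sessions: relayState={glob!r} differs from shipped ss:mem")
        for child in sessions.iter():
            rs = child.get("relayState")
            if child is not sessions and rs is not None and rs != glob:
                findings.append(f"{local(child.tag)}: per-handler override relayState={rs!r}")
    return findings

def audit_value(relay_state):
    """Check one RelayState value as observed on the wire (e.g. in a proxy log)."""
    issues = []
    size = len(relay_state.encode("utf-8"))
    if size > MAX_RELAYSTATE_BYTES:
        issues.append(f"{size} bytes exceeds {MAX_RELAYSTATE_BYTES}-byte limit")
    parts = urlsplit(relay_state)
    if parts.scheme in ("http", "https") and parts.netloc:
        issues.append("exposes a resource URL")
    return issues

if __name__ == "__main__":
    print(audit_config(SAMPLE))
    print(audit_value("https://sp.example.org/secure/" + "x" * 80))
```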