Mapping requests to responses
Nate Klingenstein
ndk at sudonym.me
Tue May 24 23:03:07 EDT 2016
Eric and all,
Hopping upthread for one dumb question:
> (although Scott tells me there may be ways that is still insufficient, given that Shib SP doesn’t map requests to responses)
Would it be feasible to map the ID's assigned to signed AuthnRequests(ID=_c4f54499209b410dd541218900210147) that get embedded in the subsequently issued Response(InResponseTo=_c4f54499209b410dd541218900210147)? Would that allow the SP to perform the check? It would still be useless in IdP-initiated and not to be relied on if you need IdP-initiated.
Abuse of the RelayState field may offer the same functionality.
This seems pretty obvious, which probably means it's been thought of or I'm missing something exceedingly obvious.
Take care,
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160524/62abe880/attachment-0001.html>
More information about the users
mailing list