Mapping requests to responses

Nate Klingenstein ndk at
Tue May 24 23:03:07 EDT 2016

Eric and all,

Hopping upthread for one dumb question:

> (although Scott tells me there may be ways that is still insufficient, given that Shib SP doesn’t map requests to responses)

Would it be feasible to map the ID's assigned to signed AuthnRequests(ID=_c4f54499209b410dd541218900210147) that get embedded in the subsequently issued Response(InResponseTo=_c4f54499209b410dd541218900210147)?  Would that allow the SP to perform the check?  It would still be useless in IdP-initiated and not to be relied on if you need IdP-initiated.

Abuse of the RelayState field may offer the same functionality.

This seems pretty obvious, which probably means it's been thought of or I'm missing something exceedingly obvious.

Take care,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list