[Ext] Re: Mapping requests to responses
nate.klingenstein at utah.edu
Tue May 24 23:47:51 EDT 2016
Got it, thanks for your patience and education.
Semt frim mt iPone
> On May 24, 2016, at 21:43, Cantor, Scott <cantor.2 at osu.edu> wrote:
>> On 5/24/16, 11:31 PM, "users on behalf of Nate Klingenstein" <users-bounces at shibboleth.net on behalf of ndk at sudonym.me> wrote:
>> Thanks for the confirmation. One last question: why not implement any of that?
> It didn't exist in SAML 1.1, and IdP-initiated SSO was a required feature in SAML 2. The only feature that correlation can provide that can't be accomplished some other way is XSRF protection, and that's only possible to get if you disable IdP-initiated.
> I would like to do it, but I have approximately 600,000 other things to do right now and I haven't studied the problem enough to know how to implement it properly. Since the SP doesn't have a way to generate tamper-proof cookies, it's not exactly self-evident. Somehow I doubt adding yet another key to the mix is going to be a popular idea with anybody.
> -- Scott