Is skipEndpointValidationWhenSigned still an issue?

Cantor, Scott cantor.2 at
Wed May 25 12:34:48 EDT 2016

On 5/25/16, 12:30 PM, "users on behalf of Brent Putman" <users-bounces at on behalf of putmanb at> wrote:

> I noticed that the AuthnRequest has both AssertionConsumerServiceIndex and
> AssertionConsumerServiceURL, BUT no ProtocolBinding.
> Because of the absence of the binding, perhaps the URL can't be effectively evaluated?
> And if there's no metadata corresponding to that index then it wouldn't work either?
> Just speculating.

Hmm. IIRC the Shibboleth SP doesn't include ProtocolBinding by default either, so given that that's the normal case I'd be interoperating with SPs with this setting, I doubt that should matter. I think it defaults to a binding based on precedence rules in the system.

-- Scott
