Is skipEndpointValidationWhenSigned still an issue?

Cantor, Scott cantor.2 at
Wed May 25 13:13:50 EDT 2016

On 5/25/16, 1:04 PM, "users on behalf of Brent Putman" <users-bounces at on behalf of putmanb at> wrote:

>That wasn't my recollection, actually, I think I've always seen ProtocolBinding being sent.
>At least as far back as I can remember.  So I looked at one of our pretty vanilla SPs
>running 2.5.5, and it does send ProtocolBinding.

Ok, might be implicated then. I still thought it defaulted, but I would have to look at it.

In any case, it's bad form regardless, obviously. If it wants to send a request and expect the IdP to ignore metadata processing it, then it doesn't follow that it should be omitting important details.

-- Scott

