Is skipEndpointValidationWhenSigned still an issue?
cantor.2 at osu.edu
Wed May 25 13:13:50 EDT 2016
On 5/25/16, 1:04 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>That wasn't my recollection, actually, I think I've always seen ProtocolBinding being sent.
>At least as far back as I can remember. So I looked at one of our pretty vanilla SP's
>running 2.5.5, and it does send ProtocolBinding.
Ok, might be implicated then. I still thought it defaulted, but I would have to look at it.
In any case, it's bad form regardless obviously. If it wants to send a request and expect the IdP to ignore metadata processing it, then it doesn't follow that it should be omitting important details.
More information about the users