Is skipEndpointValidationWhenSigned still an issue?
Cantor, Scott
cantor.2 at osu.edu
Wed May 25 14:21:53 EDT 2016
On 5/25/16, 2:14 PM, "users on behalf of Yavor Yanakiev" <users-bounces at shibboleth.net on behalf of yavor at nyu.edu> wrote:
>The vendor, imodules.com <http://imodules.com>, is InCommon member and has 32 SPs deployed.
> I'm surprised nobody else raised that issue since the metadata published there is
> virtually identical for all iModules' SPs.
V2 had a bug and was improperly comparing the URLs too permissively. I am perfectly happy to extend the logic to default in the binding, but that's all I can do. Their system *is* broken, and they are doubly wrong for requesting a response URL that doesn't match their metadata. There is no way around that fact.
-- Scott
More information about the users
mailing list