Is skipEndpointValidationWhenSigned still an issue?

Cantor, Scott cantor.2 at
Wed May 25 14:21:53 EDT 2016

On 5/25/16, 2:14 PM, "users on behalf of Yavor Yanakiev" <users-bounces at on behalf of yavor at> wrote:

>The vendor, <>, is InCommon member and has 32 SPs deployed.
> I'm surprised nobody else raised that issue since the metadata  published there is
> virtually identical for all iModules' SPs.

V2 had a bug and was improperly comparing the URLs too permissively. I am perfectly happy to extend the logic to default in the binding, but that's all I can do. Their system *is* broken, and they are doubly wrong for requesting a response URL that doesn't match their metadata. There is no way around that fact.

-- Scott

More information about the users mailing list