Is skipEndpointValidationWhenSigned still an issue?
Yavor Yanakiev
yavor at nyu.edu
Wed May 25 14:50:41 EDT 2016
We already informed the vendor about this issue. Hopefully they will be
able to fix it.
On Wed, May 25, 2016 at 2:33 PM, Brent Putman <putmanb at georgetown.edu>
wrote:
>
>
> On 5/25/16 2:21 PM, Cantor, Scott wrote:
>
> On 5/25/16, 2:14 PM, "users on behalf of Yavor Yanakiev" <users-bounces at shibboleth.net on behalf of yavor at nyu.edu> <users-bounces at shibboleth.netonbehalfofyavor@nyu.edu> wrote:
>
>
> Their system *is* broken, and they are doubly wrong for requesting a response URL that doesn't match their metadata. There is no way around that fact.
>
>
>
> Agreed 100%. If one of their customers wants to tell them what they're
> technologically doing wrong via-a-vis the ACS, to file a bug, etc: I think
> the fundamental problem is that they are mistakenly treating the ACS URL as
> if it's dynamic, and that they can append "runtime" query params. It's
> not. It has to be a static unchanging URL. If dynamic per-request info
> needs to be conveyed, it needs to happen via RelayState (either by value -
> embedded directly in the query param - or by reference).
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
Yavor Yanakiev
Systems Developer for Identity Services
212-992-7585
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160525/c5284ef1/attachment.html>
More information about the users
mailing list