Is skipEndpointValidationWhenSigned still an issue?

Yavor Yanakiev yavor at
Wed May 25 14:50:41 EDT 2016

We already informed the vendor about this issue. Hopefully they will be
able to fix it.

On Wed, May 25, 2016 at 2:33 PM, Brent Putman <putmanb at>

> On 5/25/16 2:21 PM, Cantor, Scott wrote:
> On 5/25/16, 2:14 PM, "users on behalf of Yavor Yanakiev" <users-bounces at on behalf of yavor at> <users-bounces at> wrote:
> Their system *is* broken, and they are doubly wrong for requesting a response URL that doesn't match their metadata. There is no way around that fact.
> Agreed 100%.  If one of their customers wants to tell them what they're
> technologically doing wrong via-a-vis the ACS, to file a bug, etc: I think
> the fundamental problem is that they are mistakenly treating the ACS URL as
> if it's dynamic, and that they can append "runtime" query params.  It's
> not.  It has to be a static unchanging URL.  If dynamic per-request info
> needs to be conveyed, it needs to happen via RelayState (either by value -
> embedded directly in the query param - or by reference).
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at

Yavor Yanakiev
Systems Developer for Identity Services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list