Setting up an IDP to perform HTTP Basic Authentication
cantor.2 at osu.edu
Wed May 25 17:16:06 EDT 2016
On 5/25/16, 4:43 PM, "users on behalf of Eric Wedaa" <users-bounces at shibboleth.net on behalf of Eric.Wedaa at marist.edu> wrote:
>Yay! So it should work. The vendor is now asking me for the URL they should be sending
>requests to. Does that make sense in this context? And if so, what would it be normally?
The only appropriate case here is ECP because a non-browser client has no business using any other endpoint. That endpoint is /idp/profile/SAML2/SOAP/ECP.
If you're going to tolerate screen scraping, good luck with that, but that's just using the same SAML SingleSignOnService endpoints you use for any other SPs.
I think it's very likely that unless this is about ECP that something very wrong is happening and the outcome here will not be good. Possibly not even secure.
More information about the users