Setting up an IDP to perform HTTP Basic Authentication
Cantor, Scott
cantor.2 at osu.edu
Wed May 25 17:16:06 EDT 2016
On 5/25/16, 4:43 PM, "users on behalf of Eric Wedaa" <users-bounces at shibboleth.net on behalf of Eric.Wedaa at marist.edu> wrote:
>Yay! So it should work. The vendor is now asking me for the URL they should be sending
>requests to. Does that make sense in this context? And if so, what would it be normally?
The only appropriate case here is ECP because a non-browser client has no business using any other endpoint. That endpoint is /idp/profile/SAML2/SOAP/ECP.
If you're going to tolerate screen scraping, good luck with that, but that's just using the same SAML SingleSignOnService endpoints you use for any other SPs.
I think it's very likely that unless this is about ECP that something very wrong is happening and the outcome here will not be good. Possibly not even secure.
-- Scott
More information about the users
mailing list