Disable replay policy for one relying party
Howes, Nick
N.Howes at warwick.ac.uk
Tue Mar 6 05:54:15 EST 2018
Hi,
Is it possible to disable a security rule (or use a different TrustEngine) for a specific relying party? I've got an ADFS instance with a SAML2 SSO redirect that the browser is replaying to our IdP due to the cache headers ADFS is sending. A user would sporadically see this as a 404.
Ideally ADFS would send better cache headers, but I am looking into this in case that's not possible. Since its AuthnRequest isn't signed, I don't think there's any danger in allowing a replayed request.
Nick