Disable replay policy for one relying party

Howes, Nick N.Howes at warwick.ac.uk
Tue Mar 6 05:54:15 EST 2018


Is it possible to disable a security rule (or use a different TrustEngine) for a specific relying party? I've got an ADFS instance with a SAML2 SSO redirect that the browser is replaying to our IdP due to the cache headers ADFS is sending. A user would sporadically see this as a 404.

Ideally ADFS would send better cache headers but am looking into this in case that's not possible, since its AuthnRequest isn't signed so I don't think there's any danger in allowing a replayed request.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180306/3bdd3e25/attachment.html>

More information about the users mailing list