IDP logout customizations
Cantor, Scott
cantor.2 at osu.edu
Thu Apr 4 20:43:28 EDT 2019
On 4/4/19, 5:16 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:
> if service provided a redirect URL, send the user to that location
That's asking for an open redirector from the most sensitive system you have. How would you control what URLs were "acceptable" to land on? That's why the protocol is designed the way it is, and doesn't accommodate that sort of thing.
-- Scott
More information about the users
mailing list