ECP

Cantor, Scott cantor.2 at osu.edu
Thu Aug 1 20:57:39 EDT 2019


ECP is still a profile for an IdP and SP to authenticate a (non browser) client, and a properly configured IdP/SP results in the XML being encrypted. No client should have (or needs) access to the attribute data, if that's what you're misunderstanding and trying to get at. A server (the SP) is the system that receives and processes the message.

There's no "script" involved, unless you're talking about a script acting as a client, but ECP is not meant to involve clients actively looking at anything in the message, it's a SOAP exchange with an opaque body.

-- Scott




More information about the users mailing list