Validate InResponseTo attribute
Paolo Smiraglia
paolo.smiraglia at gmail.com
Wed Jan 9 07:05:06 EST 2019
Hi all, I noticed that Shibboleth SP 3.x accepts responses that do not
include "InResponseTo" attribute in "Response" element (like in the
following).
<samlp:Response
Destination="https://********/iam/SAML2/POST"
ID="_cf5eb916-03d5-44ec-8526-e6629e356d62"
IssueInstant="2019-01-09T11:45:28Z"
Version="2.0"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
[...]
</samlp:Response>
Is this the desired behaviour?
Can the "InResponseTo" validation be enabled?
Bests,
Paolo
--
PAOLO SMIRAGLIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190109/d0f4fb70/attachment.html>
More information about the users
mailing list