unsolicited SSO question regarding AuthnRequestsSigned="true"

Cantor, Scott cantor.2 at osu.edu
Tue Oct 22 12:47:10 EDT 2019

On 10/22/19, 12:41 PM, "users on behalf of Les LaCroix" <users-bounces at shibboleth.net on behalf of llacroix at carleton.edu> wrote:

> Quibble.  There is no SAML stanza "samlp:AuthnRequest" being received by the IdP unless the IdP itself is generating
> it.  There certainly isn't anything being provided by my browser like what would be redirected through the browser
> for an SP-initiated session.

It's just a proprietary binding for the exact same information. The core information in an AuthnRequest is an SP entityID, an AssertionConsumerServiceURL, and of lesser importance a timestamp. That's exactly what's in the query. An AuthnRequest is simply a standardized form for the information with additional features, but they're both identical in every other sense (and yes, the IdP does manufacture one to provide the information to the rest of the code in the same way).

-- Scott

More information about the users mailing list