Question Pro

Peter Schober peter.schober at
Tue Jun 9 18:16:17 UTC 2020

* Lohr, Donald <lohrda at> [2020-06-09 19:54]:
> Anyone using this SP and have it configured against their Shibboleth 3x IdP?

I note their docs at
don't mention any of /their/ metadata (or entityID, endpoints or
certificate separately). So it's unclear they support encryption, for

Other than that it looks like the usual lowest-possible-support for
SAML: Doesn't perform signature validation on remotely loaded metadata
(making the "IDP metadata URL" method unsafe to use), requires custom
attribute names, suggests/requires email address as unique user
identifer in attribute "emailAddress" (NameFormat unkown, I'd use
basic for correctness), etc.

The part on how additional user data should be sent from
I don't understand:

> All the attributes will be stored in the custom variables in a
> sequential manner first attribute will go in custom1, second
> attribute in custom2 and so on. [...]


More information about the users mailing list