Zoho Help SP claims no metadata
Nate Klingenstein
ndk at signet.id
Tue Jun 16 00:08:08 UTC 2020
Baron,
If my memory is correct, I don't think metadata is required in any part of the SSO profile per the standard(lots of MAYs), and there were never good compliance categories standardized anyway. I'll let someone else field the first half of your question -- I haven't done that integration, but I've faced the same issue with many many other SP's.
Influencing vendors and other implementers to just do the sane thing is a big part of the reason we set up and operate SAMLtest and require them to supply metadata to it.
https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf (4.1 in general, esp. 4.1.3.3 and 4.1.5 in this instance)
https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
Hope this helps,
Nate.
--------
The Art of Access ®
Nate Klingenstein | Principal
https://www.signet.id/
-----Original message-----
From: Baron Fujimoto
Sent: Monday, June 15 2020, 4:39 pm
To: Shib Users
Subject: Zoho Help SP claims no metadata
Has anyone set up their IdP to interoperate with the Zoho SP? When I queried about their metadata, they responded, "Please be informed that we do not have possess any specific meta data. However, we will provide login/log out URL and default relay state (Request URL/Response URL)". This lack of metadata, and expectation of its non-availability is unique in our experience. They have some documentation on configuring SAML SSO for non-Shibboleth IdPs here:
<https://help.zoho.com/portal/en/kb/desk/for-administrators/user-access-and-security/articles/setting-up-saml-single-signon-for-help-center#How_SAML_Works>
It looks like they are (probably?) referencing the sorts of data that would typically be incorporated into metadata, but deconstructed for GUI type admin interfaces.
Is the SP's metadata not technically required per the standard? Wikipedia suggests it's required, but that's... Wikipedia, and I couldn't find something more authoritative.
--
UH Information Technology Services : Identity & Access Mgmt, Middleware
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200616/c41a12a6/attachment.htm>
More information about the users
mailing list