Zoho Help SP claims no metadata
Cantor, Scott
cantor.2 at osu.edu
Tue Jun 16 00:37:36 UTC 2020
Metadata was optional in SAML, there were too many vendors that didn't understand the problems and didn't care about scale, along with at least one vendor participating with the explicit goal of hurting the end result because they wanted their properietary approach to win. There is also no substitute for metadata. So here we are.
Providing metadata alone doesn't really matter. You need a third party to vouch for it if there's a key in it, so it's of no value anyway other than as a mild convenience when its self-asserted. Nor does providing metadata imply one is consuming it, let alone doing it properly, which is much more important for an SP. IdP metadata is much more important and not supporting it means literally no key management or. And again, here we are.
-- Scott
More information about the users
mailing list