Help Needed: Shibboleth SP handling of 'Recipient' SAML Attribute

[Cantor, Scott]

On 6/29/20, 6:38 PM, "users on behalf of Nate Klingenstein" <users-bounces at shibboleth.net on behalf of ndk at signet.id> wrote:

> Assuming you mean in a Response and Assertion, the destination and recipient attributes are intended to allow the SP
> to interpret how to process the response and to ensure it was made for it and not another SP.  The recipient should be
> the entityID and the destination should be the ACS URL.

They are both set to the ACS URL in the profile.

The only odd thing about the Shibboleth software is that it doesn't look at Destination unless the message is signed, since there's no point in doing so. It requires Destination when messages are signed because that's what the standard says.

-- Scott