Help Needed: Shibboleth SP handling of 'Recipient' SAML Attribute

[Cantor, Scott]

On 6/29/20, 7:01 PM, "users on behalf of Nate Klingenstein" <users-bounces at shibboleth.net on behalf of ndk at signet.id> wrote:

> Right, sorry, I was looking at the recipient attribute of the EncryptedAssertion element rather than the decrypted
> assertion.  Is there a reason why that's the entityID rather than the ACS?

They're two completely different standards with different uses for an attribute that happens to be named the same thing. The name in SAML should have just been Destination, it was a bad choice.

-- Scott