Conditional redirection to discovery service
Guillaume Rousse
guillaume.rousse at renater.fr
Tue Mar 2 14:18:03 UTC 2021
On 02/03/2021 at 14:26, Cantor, Scott wrote:
> Yes, you use ECP. If a client advertising that is being redirected, that's a bug. Otherwise, you have a client that claims to be a browser and then not being one, which is a bug in the client.
>
> That aside, you just do this at the DS itself rather than the SP and you end up in the same place.
I'm precisely trying to protect our infrastructure from buggy clients,
configured by clueless users, using approximate documentation, not to
make them work. I'm not sure ECP is a solution here.
And handling the issue at SP level would protect our network, as most of
these SP are actually external ones. As an NREN, we allow our community
to use our discovery service, to avoid deploying their own one, which
often has this kind of undesirable results.
Hence my attempt to provide SP admins simple instructions to keep their
own problematic users at home, instead of sending them to us.
Regards.
--
Guillaume Rousse
Direction des Services Applicatifs
RENATER - Paris
Tel: +33 1 53 94 20 45
http://www.renater.fr