saml2 mtls issue
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 9 15:29:40 UTC 2021
> thank you very much for your quick reply. Could you please provide me with a reference for "... and that's
> not even technically a thing the SAML standard would allow one to do.". The IDP is asking for it 🙁
Look at the metadata spec and the definition of the use attribute on KeyDescriptor. There is only one defined way to know what somebody's key is, and it's metadata. Ergo if there's no way to distinguish between signing and TLS in that method, there is no such allowance in the standard to make them different.
-- Scott
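As an added illustration (not part of the original message or of any project's code), the Python below reads the `KeyDescriptor` elements from SAML metadata and groups the keys by their `use` attribute, whose schema type allows only `signing` and `encryption`. The function name `keys_by_use`, the sample entityID, the placeholder certificates and the `use="tls"` value are all constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# The only values the metadata schema defines for KeyDescriptor/@use.
SCHEMA_USES = ("signing", "encryption")

# Constructed sample metadata; entityID and certificate bodies are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT-A</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT-B</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="tls">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT-C</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def keys_by_use(metadata_xml):
    """Return ({use: [cert, ...]}, [use values the schema does not define])."""
    root = ET.fromstring(metadata_xml)
    keys = {use: [] for use in SCHEMA_USES}
    invalid = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        cert = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).strip()
        use = kd.get("use")
        if use is None:
            # No use attribute: the key applies to both signing and encryption.
            for u in SCHEMA_USES:
                keys[u].append(cert)
        elif use in SCHEMA_USES:
            keys[use].append(cert)
        else:
            invalid.append(use)  # e.g. "tls": not expressible in schema-valid metadata
    return keys, invalid
```

On the constructed sample, the untyped key lands in both the signing and encryption lists, and the `tls` value is reported as outside the schema rather than treated as a third category.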