Use HTTP verb in Service Provider request mapper

Peter Schober peter.schober at
Thu Oct 21 16:25:53 UTC 2021

* Fabien BERTEAU <fabien.berteau at> [2021-10-21 14:51]:
> I thought I could avoid ECP in our SPAs by forcing the user to authenticate
> in order to download the SPA (classic SP initiated browser flow), then by
> embedding the SP session cookie during each call to a web service based on
> XMLHTTPRequest (same domain, so the browser should add it ?). Am I wrong ?

Maybe some of these posts (or threads) are of help to you:


More information about the users mailing list