Using a different SP entity ID with the IdP SAML authn flow

Cantor, Scott cantor.2 at
Wed Sep 15 16:30:10 UTC 2021

On 9/15/21, 12:24 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    Is it necessary to use getOperator instead of just iterating over the list of requested principals and calling
> getName() on each which, to me, looks like it just returns a string on which I can use a standard equal
> operator?

Your algorithm is presuming the request is asking for "any one of these". That's exact. I'm simply noting SAML doesn't limit the standard that, and the IdP doesn't just fail if other operators are used. At least detecting something else you don't want to support and treating that as an error for your purposes is the defensive approach.

Whether you can actually intelligently process better, maximum, or minimum to some degree is a different matter.

-- Scott

More information about the users mailing list