Using a different SP entity ID with the IdP SAML authn flow

Cantor, Scott cantor.2 at osu.edu
Wed Sep 15 16:30:10 UTC 2021


On 9/15/21, 12:24 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    Is it necessary to use getOperator instead of just iterating over the list of requested principals and calling
> getName() on each which, to me, looks like it just returns a string on which I can use a standard equal
> operator?

Your algorithm is presuming the request is asking for "any one of these". That's exact. I'm simply noting SAML doesn't limit the standard to that, and the IdP doesn't just fail if other operators are used. At least detecting something else you don't want to support and treating that as an error for your purposes is the defensive approach.

Whether you can actually intelligently process better, maximum, or minimum to some degree is a different matter.

-- Scott
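
The defensive check described above, as an added example that is not part of the original message or the Shibboleth code base. It runs as plain JavaScript against constructed stand-in objects; getRequestedPrincipals(), the helper names, and the sample context URIs are assumptions.

```javascript
// getOperator() and getName() are the methods named in the thread.
// getRequestedPrincipals() and everything else here is assumed for illustration.
const SUPPORTED_OPERATOR = "exact";

// Returns the first requested principal name that is in supportedNames,
// or null if none match. Throws when the request uses any operator other
// than "exact", so an unsupported request is an error, not a silent match.
function selectRequestedPrincipal(rpCtx, supportedNames) {
  const operator = rpCtx.getOperator();
  if (operator !== SUPPORTED_OPERATOR) {
    // "minimum", "maximum" and "better" depend on an ordering of contexts;
    // plain string equality cannot answer them correctly.
    throw new Error("unsupported comparison operator: " + String(operator));
  }
  const supported = new Set(supportedNames);
  for (const principal of rpCtx.getRequestedPrincipals()) {
    const name = principal.getName();
    if (supported.has(name)) {
      return name;
    }
  }
  return null;
}

// Constructed stand-in for the requested-principal context.
function fakeContext(operator, names) {
  return {
    getOperator: () => operator,
    getRequestedPrincipals: () => names.map((n) => ({ getName: () => n })),
  };
}

// Sample context class URIs (constructed input for the demo).
const MFA = "https://refeds.org/profile/mfa";
const PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";

// Runs three constructed requests against a deployment that supports PPT only.
function demo() {
  const requests = [
    fakeContext("exact", [MFA, PPT]),   // any one of these: PPT matches
    fakeContext("exact", [MFA]),        // nothing we support
    fakeContext("minimum", [PPT]),      // operator we refuse to interpret
  ];
  return requests.map((ctx) => {
    try {
      return selectRequestedPrincipal(ctx, [PPT]);
    } catch (e) {
      return "rejected: " + e.message;
    }
  });
}

console.log(demo());
```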



