Ex: Re: authnrequest with no ACS info
Paul B. Henson
henson at cpp.edu
Fri Oct 28 01:56:34 UTC 2022
On Thu, Oct 27, 2022 at 11:07:29PM +0000, Cantor, Scott via users wrote:
> There's nothing wrong with defaulting the endpoint, but it is illegal
> in SAML to use the redirect binding for a response in SSO.
What's the best source to document that? All I can really find is
https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
section 4.1.3.5 which doesn't explicitly say redirect is not allowed but
implies it by mentioning only post and artifact.
Thanks...
--
Paul B. Henson | (909) 979-6361 | http://www.cpp.edu/~henson/
Operating Systems and Network Analyst | henson at cpp.edu
California State Polytechnic University | Pomona CA 91768
More information about the users
mailing list