<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 5/25/16 12:12 PM, Cantor, Scott
wrote:<br>
</div>
<blockquote cite="mid:AFBDFD94-BB43-4E40-A4D1-3B595B415735@osu.edu"
type="cite">
<pre wrap="">
</pre>
<pre wrap="">
That's signed XML. The bug didn't apply to that case, it was breaking on signed redirects.
</pre>
</blockquote>
<br>
I noticed that the AuthnRequest has both
AssertionConsumerServiceIndex and AssertionConsumerServiceURL, BUT
no ProtocolBinding. Because of the absence of the binding, perhaps
the URL can't be effectively evaluated? And if there's no metadata
corresponding for that index then it wouldn't work either? Just
speculating.<br>
<br>
At the very least that request seems malformed, since per Core index
is mutually exclusive with URL + binding.<br>
<br>
</body>
</html>