Inline slo signature #133
Inline slo signature #133
Conversation
|
The HTTP-Redirect binding uses the SAML Messages, RelayState and Signature and SigAlg as GET parameters. The HTTP-POST binding uses SAML Mesage and RelayState as POST parameters, and Signature is embedded inside the SAML Message We support HTTP-POST binding on ACS URL, but rest of the toolkits uses HTTP-Redirect binding and we don't plan to support a different protocol. Read #116 |
|
Somehow I knew you would have a ready answer for that :-) I’ll continue to utilize my versatile LogoutResponse on my fork, to support my client, and you can feel free to take this if ever more people need this support.
I can understand why you would not want to take the time to implement this for an uncommon feature. But now that I have it implemented here, why do you actively not want it? Just curious.
Wayne Woodfield
… On Nov 10, 2017, at 2:06 PM, Sixto Martin ***@***.***> wrote:
The HTTP-Redirect binding uses the SAML Messages, RelayState and Signature and SigAlg as GET parameters.
The HTTP-POST binding uses SAML Mesage and RelayState as POST parameters, and Signature is embedded inside the SAML Message
We support HTTP-POST binding on ACS URL, but rest of the toolkits uses HTTP-Redirect binding and we don't plan to support a different protocol.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#133 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ATrPcM2TsbnbZ0kyFzs6NLMHxZYcn--vks5s1LrngaJpZM4QZ9Yc>.
|
|
The goal of the toolkit is to offer an SP with the minimun implementation and the easiest settings able to communicate with most of the IdPs. Im sure that you selected for your customer that toolkit because you found it easy..otherwise..you could use other open source alternative that supports all the bindings, but is complex with complex settings. Instead ask the SP to support all bindings..why not ask IdP software to support the minimun bindings defined on the SAML standard as required? If I now accept your PR for LogoutResponse, I need to do the same for LogoutRequest...and then why not implement the ability to send SLO messages using POST...and after that.. why not support Artifact binding...why not support AttributeQuery.... |
pitbulk
force-pushed
the
master
branch
3 times, most recently
from
ab7e4d7
to
3c79c8c
Compare
This week, I encountered an IdP that sent me a LogoutResponse containing a signature embedded within the SAMLResponse, instead of split out into separate Signature/SigAlg query parameters. With much stealing from SamlResponse.java object, I added support for this type of signature.