Inline slo signature #133
The HTTP-Redirect binding uses the SAML Messages, RelayState and Signature and SigAlg as GET parameters. The HTTP-POST binding uses SAML Message and RelayState as POST parameters, and Signature is embedded inside the SAML Message. We support HTTP-POST binding on ACS URL, but rest of the toolkits uses HTTP-Redirect binding and we don't plan to support a different protocol. Read #116
Somehow I knew you would have a ready answer for that :-) I’ll continue to utilize my versatile LogoutResponse on my fork, to support my client, and you can feel free to take this if ever more people need this support.
I can understand why you would not want to take the time to implement this for an uncommon feature. But now that I have it implemented here, why do you actively not want it? Just curious.
Wayne Woodfield
On Nov 10, 2017, at 2:06 PM, Sixto Martin ***@***.***> wrote:
The HTTP-Redirect binding uses the SAML Messages, RelayState and Signature and SigAlg as GET parameters.
The HTTP-POST binding uses SAML Message and RelayState as POST parameters, and Signature is embedded inside the SAML Message.
We support HTTP-POST binding on ACS URL, but rest of the toolkits uses HTTP-Redirect binding and we don't plan to support a different protocol.
The goal of the toolkit is to offer an SP with the minimum implementation and the easiest settings able to communicate with most of the IdPs. I'm sure that you selected that toolkit for your customer because you found it easy... otherwise you could use another open source alternative that supports all the bindings, but is complex with complex settings. Instead of asking the SP to support all bindings, why not ask IdP software to support the minimum bindings defined on the SAML standard as required? If I now accept your PR for LogoutResponse, I need to do the same for LogoutRequest... and then why not implement the ability to send SLO messages using POST... and after that, why not support Artifact binding... why not support AttributeQuery...
ab7e4d7 to 3c79c8c
This week, I encountered an IdP that sent me a LogoutResponse containing a signature embedded within the SAMLResponse, instead of split out into separate Signature/SigAlg query parameters. With much stealing from SamlResponse.java object, I added support for this type of signature.
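To make the two signature placements discussed in this thread concrete, here is an added example (not code from this pull request or from java-saml) that reports whether a LogoutResponse received as GET parameters carries a detached signature (`Signature`/`SigAlg` parameters), an embedded `ds:Signature`, both, or none. The class name `SloSignatureLocation`, the 1 MiB size cap and the sample message are assumptions; the code only locates the signature and does not verify it.

```java
import java.io.*;
import java.util.Base64;
import java.util.Map;
import java.util.zip.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Node;

public class SloSignatureLocation { // hypothetical class, not part of java-saml
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final int MAX_XML = 1 << 20; // assumed cap on the inflated message size
    /** Returns "detached", "embedded", "both" or "none" for a LogoutResponse sent as GET parameters. */
    static String locate(Map<String, String> params) throws Exception {
        byte[] raw = Base64.getDecoder().decode(params.get("SAMLResponse"));
        byte[] xml;
        try (InflaterInputStream in = new InflaterInputStream(new ByteArrayInputStream(raw), new Inflater(true))) {
            xml = in.readNBytes(MAX_XML); // HTTP-Redirect encoding: raw DEFLATE, then base64
        } catch (IOException notDeflated) {
            xml = raw; // plain base64 without DEFLATE
        }
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs (XXE)
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Node root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        boolean embedded = false;
        // Count only a ds:Signature that is a direct child of the message root.
        for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
            embedded |= n.getNodeType() == Node.ELEMENT_NODE
                    && DSIG_NS.equals(n.getNamespaceURI()) && "Signature".equals(n.getLocalName());
        }
        boolean detached = params.containsKey("Signature") && params.containsKey("SigAlg");
        return embedded && detached ? "both" : embedded ? "embedded" : detached ? "detached" : "none";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the ds:Signature element is an empty stub, not a valid signature.
        String xml = "<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                + "<ds:Signature xmlns:ds=\"" + DSIG_NS + "\"/></samlp:LogoutResponse>";
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
            out.write(xml.getBytes("UTF-8"));
        }
        String b64 = Base64.getEncoder().encodeToString(buf.toByteArray());
        System.out.println(locate(Map.of("SAMLResponse", b64)));
        System.out.println(locate(Map.of("SAMLResponse", b64, "Signature", "c2ln", // constructed value
                "SigAlg", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")));
    }
}
```

A receiver can use the result to choose which verification routine applies and to reject a message reported as "none" when signed logout responses are required.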