Create a profile action to verify response location

Description

Need a profile action that does verification of response location against metadata, or via request signing.

A lot of implementations apparently assume that if you have a signed AuthnRequest, that takes the place of checking the ACS location, which makes a lot of sense to me, and would offer some real benefits. Suggest we expose an option to bypass checking if the request is authenticated.

Environment

None

Activity

Scott Cantor February 19, 2014 at 9:46 PM

Implemented this via one action for both SAML versions.

peter July 6, 2011 at 2:41 PM
Edited

N.B., https://shibboleth.atlassian.net/browse/SIDP-499#icft=SIDP-499 has an implementation of this for 2.3.x

Duplicate

Details

Assignee

Reporter

Original estimate

Fix versions

Created April 16, 2011 at 1:12 PM
Updated June 22, 2021 at 8:47 PM
Resolved July 9, 2014 at 3:20 PM