Create a profile action to verify response location
Description
Need a profile action that does verification of response location against metadata, or via request signing.
A lot of implementations apparently assume that if you have a signed AuthnRequest, that takes the place of checking the ACS location, which makes a lot of sense to me, and would offer some real benefits. Suggest we expose an option to bypass checking if the request is authenticated.
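The check this ticket asks for, sketched as an added example in Python (not code from the project; the class and function names, the `allow_signed_bypass` option and the sample SP endpoint are hypothetical). It assumes an earlier step has already verified the request signature with a key from the issuer's metadata.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

@dataclass(frozen=True)
class AcsEndpoint:
    location: str
    binding: str = HTTP_POST
    index: Optional[int] = None

@dataclass(frozen=True)
class AuthnRequest:
    issuer: str
    acs_url: Optional[str] = None
    acs_index: Optional[int] = None
    # True only if an earlier step verified the signature with a key
    # taken from the issuer's metadata (assumption of this sketch).
    signature_verified: bool = False

class ResponseLocationError(Exception):
    """The requested response location is not acceptable."""

def verify_response_location(req: AuthnRequest,
                             metadata_acs: Sequence[AcsEndpoint],
                             allow_signed_bypass: bool = False) -> AcsEndpoint:
    """Return the endpoint the response may be sent to, or raise."""
    if req.acs_index is not None:
        # An index can only be resolved through metadata.
        for ep in metadata_acs:
            if ep.index == req.acs_index:
                return ep
        raise ResponseLocationError(f"no ACS with index {req.acs_index}")
    if req.acs_url is None:
        # Nothing requested: fall back to the first metadata endpoint.
        if metadata_acs:
            return metadata_acs[0]
        raise ResponseLocationError("no ACS endpoint in metadata")
    for ep in metadata_acs:
        # Exact string comparison; no prefix or host-only matching.
        if ep.location == req.acs_url:
            return ep
    if allow_signed_bypass and req.signature_verified:
        # Option from the ticket: an authenticated request vouches for its own location.
        return AcsEndpoint(location=req.acs_url)
    raise ResponseLocationError(f"{req.acs_url!r} not in metadata for {req.issuer}")

# Constructed sample metadata for a hypothetical SP.
SP_ACS = [AcsEndpoint("https://sp.example.org/saml/acs", index=0)]
```

With the bypass off, a signed request naming an unregistered location is still rejected; the option only widens what is accepted when the signature has been verified.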