Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-854

We don't have a supported way to disable artifact binding usage outbound.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.1.0, 3.1.1, 3.1.2
    • Fix Version/s: 3.2.0
    • Component/s: SAML1, SAML2
    • Labels:
      None

      Description

      While testing logout, I noted that the endpoint selection logic doesn't prioritize bindings based on the IdP but by the endpoint order in metadata.

      Whether that's sufficient or not, what is clear is that if you have an IdP that's not supporting artifacts (e.g. not running a usable SOAP port or handling it on the front channel port), you need a way to tell it not to use that binding. We don't have an outgoingBindings property anywhere that I can find on the profile config beans. We probably should, but in the meantime, a global property to toggle an activation condition on the Artifact BindingDescriptors in the system config would be a simple workaround.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            cantor.2@osu.edu Scott Cantor
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 45 minutes
                45m