Check IdP Artifact-capability in SAML[12]SessionInitiator

Basics

Technical

Logistics

Basics

Technical

Logistics

Description

Artifact-capability of an IdP can be determined from IdP metadata. (If there is no ArtifactResolutionService with a binding that the SP supports, then a request with an ACS URL that expects artifacts will definitely fail.)

A SessionInitiator could fail before redirecting, thus it could allow several SessionInitiators chained together with different defaultACSIndex values. (Similarly to the case of a SAML2 SessionInitiator and SAML1-only IdP.)

Environment

None

Activity

Show:

Scott Cantor June 23, 2009 at 12:46 PM

Closing after releases.

Scott Cantor January 27, 2009 at 2:24 PM

http://svn.middleware.georgetown.edu/view/cpp-opensaml2?view=rev&revision=435

http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=2936

This change functions as you wanted. In a chain, the handler will log and silently pass control along. In a non-chain, it errors out.

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details

Assignee

Scott Cantor

Reporter

bajnokk@niif.hu

Components

SAML 2.0 Single Sign-On

Fix versions

2.2

Created January 22, 2009 at 1:21 PM

Updated June 23, 2009 at 12:46 PM

Resolved January 27, 2009 at 2:24 PM

Configure