Let me ask a potentially stupid question:
Why can't we send a URL pointing to the {SAML Assertion, Certificate} instead
of sending the data itself?
This is what was done in IKE to avoid fragmentation.
> > my assumption is that if you were sending access-accept saml auth data
> > you'd do it before you started EAP.
>
> I'm wary of that approach.
>
> Alan DeKok.
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
