Then you must Encrypt. Otherwise anyone in the middle can get hold of end-user attributes - which is a privacy threat.
On Sat, Dec 13, 2014 at 9:55 AM, Dinusha Senanayaka <[email protected]> wrote:
>
> On Sat, Dec 13, 2014 at 9:42 AM, Dinusha Senanayaka <[email protected]>
> wrote:
>>
>> On Sat, Dec 13, 2014 at 9:29 AM, Dulanja Liyanage <[email protected]>
>> wrote:
>>>
>>> BTW Dinusha, why do you want to send a SAML Response through an
>>> unsecured channel? If you must do it, then the Response must be encrypted.
>>>
>> Oh, you mean the response. This is because, if the web app is published
> with http transports. This is a user option to publish it with http or
> https or both.
>
>> Yeah Dulanja. This anyway we have to fix.
>>
>>>
>>> On Sat, Dec 13, 2014 at 9:23 AM, Dulanja Liyanage <[email protected]>
>>> wrote:
>>>>
>>>> Darshana, I also thought it'd work. But a quick test revealed it
>>>> doesn't.
>>>>
>>>> @Dinusha, according to SAML Specs we *should* allow to add multiple
>>>> ACS URLs. But, it's a new feature.
>>>>
>>>> On Sat, Dec 13, 2014 at 9:11 AM, Dinusha Senanayaka <[email protected]>
>>>> wrote:
>>>>>
>>>>> Thanks Darshana. Currently we don't sign the request which is
>>>>> generated from the gateway. We could improve it configurable and give user
>>>>> option to sign or not. But I'm not sure whether we can use this as a
>>>>> permanent solution because, then user is always restricted to sign the
>>>>> request if he want to expose both http/https gateway urls. Will this be a
>>>>> hard improvement if we doing it from identity side ? What we need is
>>>>> capability to configure multiple ACS urls in the SP. When the request
>>>>> comes, validate ACS in the request is a one defined in SP, if so send saml
>>>>> response to the matching ACS.
>>>>>
>>>>> Regards,
>>>>> Dinusha.
>>>>>
>>>>> On Thu, Dec 11, 2014 at 4:32 PM, Darshana Gunawardana <
>>>>> [email protected]> wrote:
>>>>>>
>>>>>> AFAIK, we don't support registering multiple ACS urls.. But IdP
>>>>>> honour to the ACS in the authentication request, if the request is
>>>>>> signed.
>>>>>>
>>>>>> On Thu, Dec 11, 2014 at 12:51 PM, Dinusha Senanayaka <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Requirement is, in App Manager, synapse gateway act as the assertion
>>>>>>> consumer URL. It's possible to expose gateway url from http and https at
>>>>>>> the same time which will give two access urls. So when we registering SP
>>>>>>> for this app, we need to associate both http and https urls as assertion
>>>>>>> consumer urls.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Dinusha.
>>>>>>>
>>>>>>> --
>>>>>>> Dinusha Dilrukshi
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc.: http://wso2.com/
>>>>>>> Mobile: +94725255071
>>>>>>> Blog: http://dinushasblog.blogspot.com/
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>> *Darshana Gunawardana*
>>>>>> Software Engineer
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>
>>>>>> *E-mail: [email protected]*
>>>>>> *Mobile: +94718566859*
>>>>>> Lean . Enterprise . Middleware
>>>>>>
>>>>>
>>>>> --
>>>>> Dinusha Dilrukshi
>>>>> Senior Software Engineer
>>>>> WSO2 Inc.: http://wso2.com/
>>>>> Mobile: +94725255071
>>>>> Blog: http://dinushasblog.blogspot.com/
>>>>>
>>>>
>>>> --
>>>> Dulanja Liyanage
>>>> WSO2 Inc.
>>>> M: +94776764717
>>>>
>>>
>>> --
>>> Dulanja Liyanage
>>> WSO2 Inc.
>>> M: +94776764717
>>>
>>
>> --
>> Dinusha Dilrukshi
>> Senior Software Engineer
>> WSO2 Inc.: http://wso2.com/
>> Mobile: +94725255071
>> Blog: http://dinushasblog.blogspot.com/
>>
>
> --
> Dinusha Dilrukshi
> Senior Software Engineer
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>

--
Dulanja Liyanage
WSO2 Inc.
M: +94776764717
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
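
An added example, not part of the thread and not WSO2 code: a sketch of the check the thread asks for, where the ACS URL in the request must exactly match one registered for the SP and a plain-http ACS forces encryption of the assertion. The function and exception names, the "first entry is the default" convention and the gateway URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values: one gateway exposed over both transports.
HTTP_ACS = "http://gw.example.com:8280/app/acs"
HTTPS_ACS = "https://gw.example.com:8243/app/acs"
REGISTERED = [HTTPS_ACS, HTTP_ACS]  # first entry acts as the default


class AcsRejected(Exception):
    """The response must not be sent for this request."""


def plan_response(registered_acs, requested_acs=None, encryption_cert=None):
    """Choose where to send the SAML response and whether it must be encrypted.

    registered_acs:  ACS URLs configured for the SP (hypothetical config shape).
    requested_acs:   AssertionConsumerServiceURL from the AuthnRequest, or None.
    encryption_cert: the SP's encryption certificate, or None if not configured.
    Returns (acs_url, must_encrypt).
    """
    if not registered_acs:
        raise AcsRejected("no ACS URL registered for this SP")
    if requested_acs is None:
        acs = registered_acs[0]
    elif requested_acs in registered_acs:
        # Exact string comparison only. Prefix or host-only matching would
        # let a request redirect the response to an unregistered endpoint.
        acs = requested_acs
    else:
        raise AcsRejected("requested ACS URL is not registered for this SP")

    scheme = urlsplit(acs).scheme.lower()
    if scheme == "https":
        return acs, False
    if scheme == "http":
        # Over plain http anyone in the middle can read the user attributes,
        # so fail closed when the assertion cannot be encrypted.
        if encryption_cert is None:
            raise AcsRejected("http ACS needs an SP encryption certificate")
        return acs, True
    raise AcsRejected("unsupported ACS scheme: %r" % scheme)
```
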
