ping

Sewmini Jayaweera
*Software Engineer - QA Team*
Mobile: +94 (0) 773 381 250
[email protected]
On Tue, Mar 7, 2017 at 10:58 PM, Sewmini Jayaweera <[email protected]> wrote:

> Hi,
>
> As per the SAML core specification [1], below were the definitions given
> for ACS URL and Recipient.
>
>    - *AssertionConsumerServiceURL:* Specifies by value the location to
>    which the <Response> message MUST be returned to the requester. The
>    responder MUST ensure by some means that the value specified is in fact
>    associated with the requester. [SAMLMeta] provides one possible
>    mechanism; signing the enclosing <AuthnRequest> message is another.
>    This attribute is mutually exclusive with the
>    AssertionConsumerServiceIndex attribute and is typically accompanied by
>    the ProtocolBinding attribute.
>
>    - *Recipient [Optional]:* A URI specifying the entity or location to
>    which an attesting entity can present the assertion. For example, this
>    attribute might indicate that the assertion must be delivered to a
>    particular network endpoint in order to prevent an intermediary from
>    redirecting it someplace else
>
> *Question*
>
>    1. Should AssertionConsumerServiceURL and Recipient always be the same?
>    2. When exactly do we need to specify a recipient? Appreciate if you
>    can explain with a sample use case.
>
> [1]. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> Cheers!
>
> Sewmini Jayaweera
> *Software Engineer - QA Team*
> Mobile: +94 (0) 773 381 250
> [email protected]
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
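
An added example, not part of the original mail and not WSO2 code: a sketch of how a service provider can enforce the Recipient semantics quoted above, by accepting a bearer assertion only when its Recipient names exactly the URL the SP put in AssertionConsumerServiceURL. The host names and both messages are constructed, the function names are hypothetical, and the sketch assumes the response signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample messages; sp.example.test is a placeholder host.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_req1" Version="2.0" IssueInstant="2017-03-07T17:28:00Z"
  AssertionConsumerServiceURL="https://sp.example.test/acs"/>"""

RESPONSE_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_resp1" Version="2.0" InResponseTo="_req1">
 <saml:Assertion ID="_a1" Version="2.0"><saml:Subject>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData InResponseTo="_req1" Recipient="{recipient}"/>
  </saml:SubjectConfirmation></saml:Subject></saml:Assertion>
</samlp:Response>"""


def requested_acs_url(authn_request_xml):
    """ACS URL the SP asked the IdP to return the <Response> to."""
    return ET.fromstring(authn_request_xml).get("AssertionConsumerServiceURL")


def bearer_recipients(response_xml):
    """Recipient of every bearer SubjectConfirmationData in the response."""
    root = ET.fromstring(response_xml)
    found = []
    for conf in root.iterfind(".//saml:SubjectConfirmation", NS):
        if conf.get("Method") != BEARER:
            continue  # only bearer confirmations are considered here
        for data in conf.iterfind("saml:SubjectConfirmationData", NS):
            found.append(data.get("Recipient"))  # None when attribute is absent
    return found


def recipient_matches(response_xml, receiving_url):
    """True only if a bearer confirmation names exactly the receiving URL."""
    return receiving_url in bearer_recipients(response_xml)


if __name__ == "__main__":
    acs = requested_acs_url(AUTHN_REQUEST)
    for r in ("https://sp.example.test/acs", "https://other-sp.example.test/acs"):
        resp = RESPONSE_TEMPLATE.format(recipient=r)
        print(r, "->", "accept" if recipient_matches(resp, acs) else "reject")
```
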
