On Thu, Apr 21, 2016 at 10:22:46AM -0400, John Dennis wrote: > On 04/18/2016 12:34 PM, Martin Millnert wrote: > >(** ECP is a new feature, not supported by all IdP's, that at (second) > >best requires reconfiguration of core authentication services at each > >customer, and at worst requires customers to change IdP software > >completely. This is a varying degree of showstopper for various > >customers.) > > The majority of work to support ECP is in the SP, not the IdP. In fact IdP's > are mostly agnostic with respect to ECP, there is nothing ECP specific an > IdP must implement other than supporting the SOAP binding for the > SingleSignOnService which is trivial. I've yet to encounter an IdP that does > not support the SOAP binding. > > What IdP are you utilizing which is incapable of receiving an AuthnRequest > via the SOAP binding? >
I would disagree on this. Last year in EduGAIN, the European interfederation including hundreds of IdPs, only a very small amount were supporting ECP. I did a check on the metadata. Additionally, some IdP implementations do not support ECP out-of-the-box and for the one providing such support, it requires a different authentication mechanism compared to the one used for the redirect or post profile so many IdPs are not supporting this mechanism. The work to support ECP is equally distributed among the IdP and SP although it is getting more common in the IdPs with last release of IdPs software such as shibboleth IdP v3. Marco > > -- > John > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
smime.p7s
Description: S/MIME cryptographic signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
