SAML authnresponse binding

Does anyone know whether a SAML2 AuthnResponse can be sent using the HTTP-REDIRECT binding? I have only found examples of AuthnRequests using the HTTP-REDIRECT binding.
Thanks

No, a SAML AuthnResponse must not be sent using the HTTP Redirect binding; see http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf#page=16, which states:

Identity Provider issues to Service Provider In step 5, the identity provider issues a message to be delivered by the user agent to the service provider. Either the HTTP POST, or HTTP Artifact binding can be used to transfer the message to the service provider through the user agent. The message may indicate an error, or will include (at least) an authentication assertion. The HTTP Redirect binding MUST NOT be used, as the response will typically exceed the URL length permitted by most user agents.

No. For SAML 2.0 Web SSO, you cannot use the HTTP Redirect binding for the AuthnResponse. Your only valid bindings are HTTP-POST or HTTP-Artifact.

Page 6 of the SAML 2.0 conformance document outlines the valid bindings for the various cases: http://docs.oasis-open.org/security/saml/v2.0/saml-conformance-2.0-os.pdf
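
An added example, not part of the original answers: a service provider can enforce the rule quoted above at its assertion consumer endpoint by refusing any response that arrives as a `SAMLResponse` URL parameter (HTTP-Redirect) and accepting only HTTP-POST or HTTP-Artifact. The function names, `BindingError` and the sample message are hypothetical and constructed for this illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode
from xml.etree import ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

class BindingError(ValueError):
    """The request does not carry a response over an allowed binding."""

def response_binding(method, query_string, form_body):
    """Return 'HTTP-POST' or 'HTTP-Artifact' for an ACS request, else raise."""
    query = parse_qs(query_string)
    form = parse_qs(form_body) if method == "POST" else {}
    # A SAMLResponse parameter in the URL is the HTTP-Redirect binding,
    # which the Web SSO profile forbids for responses.
    if "SAMLResponse" in query:
        raise BindingError("SAMLResponse in query string (HTTP-Redirect)")
    if "SAMLart" in query or "SAMLart" in form:
        return "HTTP-Artifact"
    if "SAMLResponse" in form:
        return "HTTP-POST"
    raise BindingError("no SAML response message in request")

def decode_post_response(form_body):
    """Decode a POSTed message: base64 only, no DEFLATE step."""
    value = parse_qs(form_body)["SAMLResponse"][0]
    xml = base64.b64decode(value, validate=True)
    if b"<!DOCTYPE" in xml:  # refuse DTDs before handing to the parser
        raise BindingError("DOCTYPE not allowed in SAML message")
    root = ET.fromstring(xml)  # signature validation is out of scope here
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise BindingError("decoded message is not a samlp:Response")
    return root

# Constructed sample message and form body (not a real IdP response).
SAMPLE_XML = (b'<samlp:Response xmlns:samlp="' + SAMLP_NS.encode() +
              b'" ID="_constructed" Version="2.0" '
              b'IssueInstant="2024-01-01T00:00:00Z"/>')
SAMPLE_FORM = urlencode({"SAMLResponse": base64.b64encode(SAMPLE_XML).decode(),
                         "RelayState": "constructed-state"})

if __name__ == "__main__":
    print(response_binding("POST", "", SAMPLE_FORM))
    print(decode_post_response(SAMPLE_FORM).tag)
```

The binding check runs before any decoding, so a response delivered in the query string is rejected without being parsed.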