AssertionConsumerServiceIndex vs. AssertionConsumerURL - Mishra, Prateek - org.oasis-open.lists.security-services

17 messages in org.oasis-open.lists.security-servicesAssertionConsumerServiceIndex vs. Ass...

From	Sent On	Attachments
Mishra, Prateek	Aug 25, 2004 9:44 am
Conor P. Cahill	Aug 25, 2004 10:06 am
Scott Cantor	Aug 25, 2004 10:16 am
Scott Cantor	Aug 25, 2004 10:19 am
Conor P. Cahill	Aug 25, 2004 10:31 am
Scott Cantor	Aug 25, 2004 11:02 am
Conor P. Cahill	Aug 25, 2004 11:20 am
Scott Cantor	Aug 25, 2004 11:28 am
Conor P. Cahill	Aug 25, 2004 11:42 am
Scott Cantor	Aug 25, 2004 11:51 am
Conor P. Cahill	Aug 25, 2004 9:13 pm
Scott Cantor	Aug 25, 2004 9:24 pm
Conor P. Cahill	Aug 25, 2004 9:26 pm
Scott Cantor	Aug 25, 2004 9:31 pm
Scott Cantor	Aug 25, 2004 9:39 pm
Mishra, Prateek	Aug 30, 2004 1:24 pm
Scott Cantor	Aug 30, 2004 1:28 pm

Subject:	AssertionConsumerServiceIndex vs. AssertionConsumerURL
From:	Mishra, Prateek (pmis...@netegrity.com)
Date:	Aug 25, 2004 9:44:41 am
List:	org.oasis-open.lists.security-services

I am puzzled by the occurrence of these two fields in an AuthNRequest. At the minimum there appears to be some redundancy here: Why isn't it always enough to set AssertionConsumerURL to the right value?

Turning to the description of AssertionConsumerServiceIndex in core, the sentence "It applies only to profiles in which the request issuer is different from the presenter" confuses me even further. Does this mean that the Web SSO profile does not use this attribute? At the same time there is a reference to AssertionConsumerServiceIndex within the SSO profile (lines 490). Perhaps the above sentence should be deleted? Obviously, profiles that mandate use of this index will do so explicitly and there is no need to discuss it preemptively in core.

- prateek

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets