Versions Compared

Old Version 7

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version Current

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip
New IdPs SHOULD avoid advertising SAML1 endpoints in IdP metadata.

Technical Details

...

  • IdPs MUST include one and only one TLS-protected <md:SingleSignOnService> endpoint that supports the Shibboleth 1.x AuthnRequest protocol.
  • IdPs MAY include an <md:ArtifactResolutionService> endpoint that supports the SAML V1.1 SOAP binding and therefore the SAML V1.1 Browser/Artifact profile. This endpoint MUST be protected by SSL/TLS unless message-based signing is used.
  • IdPs SHOULD include an <md:AttributeService> endpoint that supports the SAML V1.1 SOAP binding. This endpoint MUST be protected by SSL/TLS unless message-based signing is used.
  • IdPs MUST support the proprietary urn:mace:shibboleth:1.0:nameIdentifier transient name identifier format.

...