...
| Tip |
|---|
| New IdPs SHOULD avoid advertising SAML1 endpoints in IdP metadata. |
Technical Details
...
- IdPs MUST include one and only one TLS-protected `<md:SingleSignOnService>` endpoint that supports the Shibboleth 1.x AuthnRequest protocol.
- IdPs MAY include an `<md:ArtifactResolutionService>` endpoint that supports the SAML V1.1 SOAP binding and therefore the SAML V1.1 Browser/Artifact profile. This endpoint MUST be protected by SSL/TLS unless message-based signing is used.
- IdPs SHOULD include an `<md:AttributeService>` endpoint that supports the SAML V1.1 SOAP binding. This endpoint MUST be protected by SSL/TLS unless message-based signing is used.
- IdPs MUST support the proprietary `urn:mace:shibboleth:1.0:nameIdentifier` transient name identifier format.
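The four requirements above can be checked mechanically against an IdP's metadata. The following is an added example, not part of the original page or of any federation tooling: `check_saml1_idp` and `endpoints` are hypothetical names, the binding URIs are the standard Shibboleth 1.x and SAML 1.x identifiers (they do not appear on this page), an `https://` Location is taken as evidence of TLS, and a declared `<md:NameIDFormat>` is taken as evidence of name identifier support.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SHIB_AUTHN = "urn:mace:shibboleth:1.0:profiles:AuthnRequest"    # Shibboleth 1.x AuthnRequest binding
SAML1_SOAP = "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"  # SAML 1.x SOAP binding
SHIB_NAMEID = "urn:mace:shibboleth:1.0:nameIdentifier"

def is_tls(url):
    return url.lower().startswith("https://")

def endpoints(root, tag, binding):
    """Location of every <md:tag> endpoint in the document with the given Binding."""
    return [e.get("Location", "") for e in root.iter(MD + tag) if e.get("Binding") == binding]

def check_saml1_idp(xml_text):
    """Return (level, message) findings; an empty list means no issues were found."""
    # For metadata from untrusted sources, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    findings = []
    sso = endpoints(root, "SingleSignOnService", SHIB_AUTHN)
    if len(sso) != 1:
        findings.append(("MUST", f"expected exactly 1 Shibboleth 1.x SSO endpoint, found {len(sso)}"))
    findings += [("MUST", f"SSO endpoint not TLS-protected: {u}") for u in sso if not is_tls(u)]
    attr = endpoints(root, "AttributeService", SAML1_SOAP)
    if not attr:
        findings.append(("SHOULD", "no SAML V1.1 SOAP AttributeService endpoint"))
    # Plain http on a SOAP endpoint is only acceptable with message-based signing,
    # which metadata cannot show, so it is reported for manual confirmation.
    for u in attr + endpoints(root, "ArtifactResolutionService", SAML1_SOAP):
        if not is_tls(u):
            findings.append(("MUST", f"SOAP endpoint without TLS (requires message signing): {u}"))
    formats = {(f.text or "").strip() for f in root.iter(MD + "NameIDFormat")}
    if SHIB_NAMEID not in formats:
        findings.append(("MUST", f"NameIDFormat {SHIB_NAMEID} not declared"))
    return findings

# Constructed sample metadata; idp.example.org is a placeholder host.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/shibboleth">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
  <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://idp.example.org/Artifact" index="1"/>
  <md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
  <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/SSO"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for level, msg in check_saml1_idp(SAMPLE):
        print(level, msg)
```

On the constructed sample this reports the missing `<md:AttributeService>` (SHOULD) and the `http://` artifact resolution endpoint (MUST unless message-based signing is in use).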
...