integration with Litmos?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

integration with Litmos?

Liam Hoekenga
Anyone ever do an integration with https://www.litmos.com/ ?

They want unsolicited SSO with RelayState, and they want RelayState as part of the assertion?  (I've only ever seen it as a query parameter).

Liam

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: integration with Litmos?

Greg Haverkamp
On Tue, May 8, 2018 at 12:48 PM, Liam Hoekenga <[hidden email]> wrote:
Anyone ever do an integration with https://www.litmos.com/ ?

Can't help there.
 
They want unsolicited SSO with RelayState, and they want RelayState as part of the assertion?  (I've only ever seen it as a query parameter).

Well, sent to the SP in the form, typically.  Is it possible they're confused?  I recent dealt with a vendor who claimed the same thing.  I told them it wasn't possible, and that it would be non-conforming.  They came back to me that they had talked to their "SAML engineers" and that I was wrong, so I sent them the respective sections from the specifications.  At that point, they responded that they didn't really mean in the assertion.  They meant in the POSTed form.

Greg
 

Liam

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: integration with Litmos?

Peter Schober
In reply to this post by Liam Hoekenga
* Liam Hoekenga <[hidden email]> [2018-05-08 21:50]:
> they want RelayState as part of the assertion?  (I've only ever seen
> it as a query parameter).

https://wiki.oasis-open.org/security

In this case Bindings, lates merged version being
http://www.oasis-open.org/committees/download.php/56779/sstc-saml-bindings-errata-2.0-wd-06.pdf

3.5.4 Message Encoding:

  If a “RelayState” value is to accompany the SAML protocol message,
  it MUST be placed in an additional hidden form control named
  RelayState within the same form with the SAML message

So it's not part of the assertion.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]