* Stefan Kombrink <[hidden email]> [2019-11-21 08:24]:
> To me it seems as if the WAYF forces it to use SAML1, and that's why I do
> not obtain the entityID. Is that so?
Indeed. The flow for (obsolete) "WAYF" is different and goes from the
IDP Discovery Service direcly to the IDP. Avoid that anywhere/everywhere.
In the "SAMLDS" flow the discovery service sends you back to the SP
(with the selected IDP, of course) and only SP then sends you on to
the IDP by sending an authn request (as usual) with whatever
properties the SP requires. That allows the SP to sign the authn
request, if so desired, or add policy to it depending on the IDP's