Closed
Labels: January 2026 Interop (expected to be completed by end of Sept. 2025 for the Jan. 2026 interop), agenda, sl1, sl2
Description
In #94, the language was changed to require RP initiated federation flows. SAML often uses an IdP initiated federation, e.g. from the Okta dashboard. While this has known security issues (see https://www.identityserver.com/articles/the-dangers-of-saml-idp-initiated-sso), it is also commonly used.
How do we want to handle this moving forward? I see two choices:
- Move the requirement for RP initiated flows to SL2, allowing them to continue at SL1 for SAML implementations
- Keep the requirement at SL1 and figure out how to devise a mechanism for SAML that works similar to https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin
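To make the difference between the two options concrete, here is an added illustration (not code from this repository or from the issue author) of what an RP-initiated requirement means on the SP side, and how a third-party-initiated entry point in the style of OIDC's `initiate_login_uri` could let an IdP dashboard still start a login without sending an unsolicited Response. The `ServiceProvider` class, the `iss`/`target_link_uri` parameter mapping onto SAML, and the inline SAML snippets are all constructed for the example; XML signature and assertion validation are assumed to be handled by a SAML library and are not shown.

```python
import secrets
import time
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


class ServiceProvider:
    """Hypothetical SP/RP that only accepts SAML Responses it asked for."""

    def __init__(self, entity_id, acs_url, idp_entity_id, idp_sso_url, ttl=300):
        self.entity_id = entity_id
        self.acs_url = acs_url
        self.idp_entity_id = idp_entity_id
        self.idp_sso_url = idp_sso_url
        self.ttl = ttl
        # Outstanding AuthnRequest IDs -> (issue time, post-login target path).
        self.pending = {}

    def start_login(self, target="/"):
        """RP-initiated flow: mint an AuthnRequest and remember its ID."""
        req_id = "_" + secrets.token_hex(16)
        self.pending[req_id] = (time.time(), target)
        authn_request = (
            f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="{req_id}" Version="2.0" '
            f'AssertionConsumerServiceURL="{self.acs_url}"/>'
        )
        return req_id, authn_request

    def initiate_login(self, query_string):
        """Assumed analogue of OIDC third-party initiated login for SAML:
        an IdP dashboard link lands here and the SP starts its own
        RP-initiated flow instead of receiving an unsolicited Response.
        Parameter names (iss, target_link_uri) are borrowed from OIDC Core."""
        params = parse_qs(query_string)
        iss = params.get("iss", [None])[0]
        if iss != self.idp_entity_id:
            return False, "iss does not name a configured IdP"
        target = params.get("target_link_uri", ["/"])[0]
        # Only local paths are honoured, so the entry point is not an open redirect.
        if not target.startswith("/") or target.startswith("//"):
            return False, "target_link_uri must be a local path"
        req_id, _ = self.start_login(target)
        return True, req_id

    def consume_response(self, response_xml):
        """ACS handler. Signature and assertion checks are assumed to be done by
        the SAML library; only the request binding is shown here, because that
        binding is what IdP-initiated SSO cannot provide."""
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{SAMLP}}}Response":
            return False, "not a samlp:Response"
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # An unsolicited Response is exactly what IdP-initiated SSO delivers.
            return False, "unsolicited Response (IdP-initiated) rejected"
        entry = self.pending.pop(in_response_to, None)
        if entry is None:
            return False, "InResponseTo matches no pending request (unknown or replay)"
        issued_at, target = entry
        if time.time() - issued_at > self.ttl:
            return False, "pending request expired"
        return True, target


if __name__ == "__main__":
    sp = ServiceProvider("https://sp.example/", "https://sp.example/acs",
                         "https://idp.example/", "https://idp.example/sso")
    # Dashboard-style entry: SP starts the flow itself and tracks the request ID.
    print(sp.initiate_login("iss=https://idp.example/&target_link_uri=/projects"))
    # Constructed unsolicited Response, as an IdP-initiated flow would send it.
    print(sp.consume_response(
        f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"/>'))
```

Under option one, an SL1 SP would skip the `InResponseTo is None` rejection for configured IdPs; under option two, the dashboard link would point at something like `initiate_login` so the request binding is always present.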