simplesamlphp / SAML-tracer

Browser extension for examining SAML messages
https://addons.mozilla.org/nl/firefox/addon/saml-tracer/
BSD 2-Clause "Simplified" License

Support for IdP discovery protocol #3

Closed olavmrk closed 10 months ago

olavmrk commented 13 years ago

We should support the SAML 2.0 «Identity Provider Discovery Service Protocol and Profile».

Specification: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf

thijskh commented 6 years ago

Basically the only way to recognise such requests is whether there's an entityID URL parameter present. This seems so unspecific that I think such discovery service protocol support would flag too many requests as "SAML".

Since the SAML tracer already splits out the GET parameters in the Parameters tab, you already have quite a decent overview of what happens in those requests, and I'm also not sure what additional processing SAML Tracer would do for discovery requests.

tvdijen commented 10 months ago

Closing this one; I agree with Thijs. The IDP Disco request+response are shown in the tracer and to tag every request with an entityID URL-parameter is just too generic.
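
The trade-off discussed in this thread, as an added example that is not part of the issue or of SAML-tracer's code: it compares tagging on `entityID` alone with a stricter rule that also requires one of the other query parameters the discovery profile defines (`return`, `policy`, `returnIDParam`, `isPassive`). The function names, the stricter rule and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: two heuristics for spotting IdP discovery requests by URL.
const DISCO_POLICY =
  "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single";
const OTHER_PARAMS = ["return", "policy", "returnIDParam", "isPassive"];

// Rule described in the thread: any request carrying an entityID parameter.
function naiveIsDisco(rawUrl) {
  return new URL(rawUrl).searchParams.has("entityID");
}

// Stricter rule (an assumption of this example): entityID plus at least one
// other parameter from the discovery profile, each with a plausible value.
function strictIsDisco(rawUrl) {
  const p = new URL(rawUrl).searchParams;
  if (!p.has("entityID")) return false;
  if (!OTHER_PARAMS.some((name) => p.has(name))) return false;
  if (p.has("policy") && p.get("policy") !== DISCO_POLICY) return false;
  if (p.has("isPassive") && !["true", "false"].includes(p.get("isPassive"))) return false;
  if (p.has("return")) {
    try {
      if (!/^https?:$/.test(new URL(p.get("return")).protocol)) return false;
    } catch { return false; } // return value is not an absolute URL
  }
  return true;
}

// Constructed sample URLs (not captured traffic); isRequest is the ground truth.
const SP = encodeURIComponent("https://sp.example.org/metadata");
const SAMPLES = [
  { url: `https://ds.example.org/disco?entityID=${SP}&return=${encodeURIComponent("https://sp.example.org/login")}&returnIDParam=idp`, isRequest: true },
  { url: `https://ds.example.org/disco?entityID=${SP}`, isRequest: true }, // only the required parameter
  { url: `https://app.example.org/admin?entityID=${SP}&tab=contacts`, isRequest: false },
  { url: `https://mdq.example.org/lookup?entityID=${SP}`, isRequest: false },
];

// Count misclassifications of a rule over the constructed samples.
function evaluate(rule) {
  let falsePositives = 0, falseNegatives = 0;
  for (const s of SAMPLES) {
    const hit = rule(s.url);
    if (hit && !s.isRequest) falsePositives++;
    if (!hit && s.isRequest) falseNegatives++;
  }
  return { falsePositives, falseNegatives };
}

console.log("naive ", evaluate(naiveIsDisco));
console.log("strict", evaluate(strictIsDisco));
```

On these samples the `entityID`-only rule tags both unrelated requests, while the stricter rule misses the discovery request that carries only the required parameter, so neither rule identifies the protocol reliably from the URL.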