Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] port numbers in metadata

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] port numbers in metadata

Chronological Thread 
  • From: Ian Young <>
  • To:
  • Subject: Re: [Metadata-Support] port numbers in metadata
  • Date: Thu, 7 Jul 2016 13:33:21 +0100

> On 7 Jul 2016, at 13:24, Tom Scavo
> <>
> wrote:
> Other than being completely atypical, is there a good reason not to do this?

Same reason as back-channel stuff tends to cause trouble, which is that
firewalls can block that port. As well as being a problem you'd need to fix
at the IdP side, you need to be prepared to deal with odd firewall behaviour
at any location a client tries to authenticate from, where with the back
channel it's "only" the firewalls at SP locations.

A minor issue is that if you ever did want the IdP to grow a back channel for
any reason, you'd have to go even more off the reservation as you don't want
to run front and back channel on the same port.

-- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Archive powered by MHonArc 2.6.19.

Top of Page