development
More descriptions in the documentation, i.e. for SAML 2 and IdP handling
-----Original Message-----
From: Shiino, Toshihiro/椎野 稔弘
Sent: Friday, 16 December 2016 09:16
[...]
Digging into more details of the new feature, there are several issues I have encountered and was not able to find any description of in the given documents, such as:
- For the SAML Single Logout feature newly provided in v16.1, I found no information on logout/signature certification in the metadata.
- Though NameIDFormat is stated as urn:oasis:names:tc:SAML:2.0:nameid-format:transient within the metadata, the telegraphic message of logout is sent with NameIdFormat fixed as http://schemas.xmlsoap.org/claims/UPN.
- The binding to let the IDP return to the SP at logout did not work unless it was used with GET (and I assume this can be solved when the logout information is correctly output in the metadata and automatically set forward). [...]
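
A check for the three gaps reported above, as an added example that is not part of the original message or the product's code. It assumes the metadata in question is SP metadata; `audit_logout_metadata` is a hypothetical helper name, and the entity ID, URLs and both XML documents are constructed samples.

```python
import xml.etree.ElementTree as ET  # acceptable for trusted, local files only

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed SP metadata: transient NameIDFormat, no logout endpoint, no signing key.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://sp.example.test/saml"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed LogoutRequest carrying the UPN format mentioned in the report.
SAMPLE_LOGOUT = """<samlp:LogoutRequest ID="_constructed1" Version="2.0"
    IssueInstant="2016-12-16T09:16:00Z"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sp.example.test/saml</saml:Issuer>
  <saml:NameID Format="http://schemas.xmlsoap.org/claims/UPN">user@example.test</saml:NameID>
</samlp:LogoutRequest>"""


def audit_logout_metadata(metadata_xml, logout_xml):
    """Return findings where the metadata does not describe the logout exchange."""
    findings = []
    role = ET.fromstring(metadata_xml).find("md:SPSSODescriptor", NS)
    slo = role.findall("md:SingleLogoutService", NS)
    if not slo:
        findings.append("no SingleLogoutService endpoint in metadata")
    elif {e.get("Binding", "").replace(BINDINGS, "") for e in slo} == {"HTTP-Redirect"}:
        findings.append("SingleLogoutService only offers HTTP-Redirect (GET)")
    # A KeyDescriptor without a "use" attribute serves signing and encryption.
    signing = [k for k in role.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")
               and k.find(".//ds:X509Certificate", NS) is not None]
    if not signing:
        findings.append("no signing KeyDescriptor with an X509Certificate")
    declared = {e.text.strip() for e in role.findall("md:NameIDFormat", NS) if e.text}
    name_id = ET.fromstring(logout_xml).find("saml:NameID", NS)
    if name_id is not None and name_id.get("Format") not in declared:
        findings.append("LogoutRequest NameID Format %s is not declared in metadata"
                        % name_id.get("Format"))
    return findings
```

Calling `audit_logout_metadata(SAMPLE_METADATA, SAMPLE_LOGOUT)` returns one finding per gap; an empty list means the metadata and the logout message agree.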