Proxy IdP:s MUST include AuthenticatingAuthority element in assertions
martin-lindstrom opened this issue · 1 comments
martin-lindstrom commented
The current version of the deployment profile states that a proxy-IdP should include the AuthenticatingAuthority element in assertion where it states the actual authority that authenticated the user. We should change this to MUST to ensure that the Service Provider always can get a traceability back to this service.
martin-lindstrom commented
Thinking about this ... We should really avoid using MUST if not really necessary. Let's keep the SHOULD.