authn request signing

Cantor, Scott cantor.2 at
Thu Nov 3 16:48:01 GMT 2011

On 11/3/11 11:26 AM, "Mike Flynn" <shibbolethlynda at> wrote:
>And then
> did a test with Max at PSU.  It failed.

If it failed, then I would imagine your metadata must be wrong. The only
reason it should fail is if your signature wasn't trusted.

>Do I need to include the encryption setting and have it set to true along
>with signing="true"?

There is nothing in the request that's encrypted, the setting won't matter.

>If these values are not present in the ApplicationDefaults, I presume
>that Shibboleth defaults them both to false - correct?

Yes; you can find that out in the documentation. I documented every

>Is this customer wrong when they indicate that authn request signing will
>have no impact on existing Idps?  I assume they are since PSU's shib
>connection attempt failed.  Or, would setting both encryption and signing
>on applicationdefaults have prevented the error?

No, and any time the metadata is wrong, virtually anything can fail.

You can also override the setting for the specific relying party, as

-- Scott

More information about the users mailing list