authn request signing
Cantor, Scott
cantor.2 at osu.edu
Thu Nov 3 16:48:01 GMT 2011
On 11/3/11 11:26 AM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:
>And then did a test with Max at PSU. It failed.
If it failed, then I would imagine your metadata must be wrong. The only
reason it should fail is if your signature wasn't trusted.
>Do I need to include the encryption setting and have it set to true along
>with signing="true"?
There is nothing in the request that's encrypted, the setting won't matter.
>If these values are not present in the ApplicationDefaults, I presume
>that Shibboleth defaults them both to false - correct?
Yes; you can find that out in the documentation. I documented every
setting.
>Is this customer wrong when they indicate that authn request signing will
>have no impact on existing IdPs? I assume they are since PSU's shib
>connection attempt failed. Or, would setting both encryption and signing
>on ApplicationDefaults have prevented the error?
No, and any time the metadata is wrong, virtually anything can fail.
You can also override the setting for the specific relying party, as
documented.
-- Scott
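
An added illustration, not part of the original message and not taken from either poster's configuration: the per-relying-party override mentioned in the reply, as it could appear in an SP 2.x shibboleth2.xml. The entityIDs are constructed placeholders and the rest of the file is omitted.

```xml
<!-- shibboleth2.xml fragment; entityIDs below are constructed placeholders -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id"
                     signing="false" encryption="false">

    <!-- Sessions, Errors, MetadataProvider, CredentialResolver, etc. are
         unchanged and omitted from this fragment -->

    <!-- Sign requests only for the one IdP that asks for it; every other
         IdP keeps the ApplicationDefaults behaviour (signing="false") -->
    <RelyingParty Name="https://idp.example.edu/idp/shibboleth" signing="true"/>

</ApplicationDefaults>
```

The signed request is only trusted if the SP metadata loaded at that IdP carries the key the SP signs with, which is the metadata problem the reply points to.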