IdP should access signed AuthnRequest only

Cheops_u16 at Cheops_u16 at
Tue Sep 27 10:35:13 BST 2011

I found solution myself.

In the relying-party.xml I added in the part
<security:SecurityPolicy id="shibboleth.SAML2SSOSecurityPolicy" xsi:type="security:SecurityPolicyType">

the line
<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>

and it work fine.

>sorry, my first mail was not in text-format :(
>is it possible to configure the IdP to accept signed AuthnRequests only?
>I have my own SP working with SAML2-protocol.
>In the idp-metadata.xml I set the option:
><IDPSSODescriptor wantAuthnRequestsSigned="true" ...
>but this doesn't work. IdP accept unsigned AuthnRequests too.
>Thanks for help.

Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die
Toolbar eingebaut!

More information about the users mailing list