IdP should access signed AuthnRequest only
Cheops_u16 at web.de
Cheops_u16 at web.de
Tue Sep 27 10:35:13 BST 2011
I found solution myself.
In the relying-party.xml I added in the part
<security:SecurityPolicy id="shibboleth.SAML2SSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
the line
<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
and it work fine.
>Hi,
>
>sorry, my first mail was not in text-format :(
>
>is it possible to configure the IdP to accept signed AuthnRequests only?
>I have my own SP working with SAML2-protocol.
>
>In the idp-metadata.xml I set the option:
>
><IDPSSODescriptor wantAuthnRequestsSigned="true" ...
>
>but this doesn't work. IdP accept unsigned AuthnRequests too.
>
>Thanks for help.
>Thomas
___________________________________________________________
Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die
Toolbar eingebaut! http://produkte.web.de/go/toolbar
More information about the users
mailing list