Profile Configuration and meaning of "conditional" setting
Lukas Hämmerle
lukas.haemmerle at switch.ch
Fri Apr 27 13:52:05 BST 2012
> The message will be encrypted if the message is not sent directly to
> the peer over a transport channel that provides confidentiality.
>
> So, if you're doing an SAML 2 authn request, the message is *not*
> being sent to the peer, it's being sent to the user agent and so the
> condition is not met and XML encryption is required.
Ok, thx. So, the only option to prevent encryption in this case is to
manually set encryptAssertions="false" for that peer.
I guess there is no way to configure the IdP such that assertions are
not encrypted if the user agent transports it via an encrypted
transportation (e.g. https) to the peer, right?
If not and given that there are people who think that the agent (user)
should not be allowed to see the assertion containing information about
him and given that there may be use cases were this is justified, I
wonder: Are there other reasons that speak against adding another
setting besides "always", "never", "conditional" that would allow
sending unencrypted assertions via the user agent if the transport is
secure?
Kind Regards
Lukas
--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Hämmerle, Central Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle at switch.ch, http://www.switch.ch
More information about the users
mailing list