SP Signed SAML requests

Mike Flynn shibbolethlynda at yahoo.com
Fri Feb 15 09:22:32 EST 2013

I got a message from a fed member this morning:

Hi Mike,
Was looking into something for a mutual customer and spotted that your Shib SP is signing its SAML requests.
This isn’t supported in either of the two OpenAthens products being used by our customers in the UK Access Management federation so could cause problems for a significant number of their members (should they subscribe to your service).

How do I turn this off?  It must have been a default setting as I have never changed this from my initial install in 2009.

In the config, I see this:

             <PolicyRule type="XMLSigning" errorFatal="true"/>
             <PolicyRule type="SimpleSigning" errorFatal="true"/>

With a warning above these settings that if you do not know what you are doing, don't screw with it.  Since I don't know what I am doing :) - I ask you folks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130215/8cc2b540/attachment.html 

More information about the users mailing list