SP Signed SAML requests
Mike Flynn
shibbolethlynda at yahoo.com
Fri Feb 15 11:12:43 EST 2013
Thanks, Peter. I see this:
requireSignedAssertions (boolean) (defaults to false)
In my app defaults I also have this:
<ApplicationDefaults signing="true" id="default" policyId="default" REMOTE_USER="eppn" entityID="https://shib.lynda.com/shibboleth-sp" homeURL="https://shib.lynda.com/InCommon">
I just want to confirm - This is the signing setting that I should set to "false" - Correct?
________________________________
From: Peter Schober <peter.schober at univie.ac.at>
To: users at shibboleth.net
Sent: Friday, February 15, 2013 8:04 AM
Subject: Re: SP Signed SAML requests
* Mike Flynn <shibbolethlynda at yahoo.com> [2013-02-15 15:23]:
> How do I turn this off?
Have a look at the ApplicationDefaults/@signing attribute (or
ApplicationOverride/@signing, of course):
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication
which could also be overridden for a specific relying party:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRelyingParty
> It must have been a default setting as I have never changed this
>from my initial install in 2009.
The IdP can also signal WantAuthnRequestsSigned="true" in their
metadata, another place to look at,
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130215/1cc62285/attachment.html
More information about the users
mailing list