SP Signed SAML requests
Peter Schober
peter.schober at univie.ac.at
Fri Feb 15 11:33:31 EST 2013
* Mike Flynn <shibbolethlynda at yahoo.com> [2013-02-15 17:13]:
> In my app defaults I also have this:
>
> <ApplicationDefaults signing="true" id="default" policyId="default"
> REMOTE_USER="eppn" entityID="https://shib.lynda.com/shibboleth-sp"
> homeURL="https://shib.lynda.com/InCommon">
>
> I just want to confirm - This is the signing setting that I should
> set to "false" - Correct?
I already pointed you to the documentation and named the specific
setting. The most specific URL I can get out of the wiki is:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication#NativeSPApplication-RelyingPartyAttributes
Then search for the attribute "signing". Here's the full text, which
should need no further explanation:
* signing ("true", "false", "front", or "back") (defaults to "false")
Controls outbound signing of XML messages. If "true", all are
signed. If "front", only front-channel messages are signed. If "back",
only back-channel messages are signed.
So either you did change a default or the default has changed in the
meantime. (I'd recommend to carry over your config to a new updated
config at some point.)
-peter
More information about the users
mailing list