SP Signed SAML requests

Mike Flynn shibbolethlynda at yahoo.com
Fri Feb 15 12:01:22 EST 2013

Thanks, Peter.  I read that section which referred to <RelyingParty> for this but I do not use a RelyingParty section in my config.  There is no signing element as described in the wiki within my config - Since I do not have this RelyingParty element, I assumed that the signing in the app defaults might be my issue - especially since the relyingparty element defaults to false...

 From: Peter Schober <peter.schober at univie.ac.at>
To: users at shibboleth.net 
Sent: Friday, February 15, 2013 8:33 AM
Subject: Re: SP Signed SAML requests
* Mike Flynn <shibbolethlynda at yahoo.com> [2013-02-15 17:13]:
> In my app defaults I also have this:
> <ApplicationDefaults  signing="true" id="default" policyId="default"
> REMOTE_USER="eppn" entityID="https://shib.lynda.com/shibboleth-sp"
> homeURL="https://shib.lynda.com/InCommon">
> I just want to confirm - This is the signing setting that I should
> set to "false" - Correct?

I already pointed you to the documentation and named the specific
setting. The most specific URL I can get out of the wiki is:
Then search for the attribute "signing". Here's the full text, which
should need no further explanation:

  * signing ("true", "false", "front", or "back") (defaults to "false")

    Controls outbound signing of XML messages. If "true", all are
    signed. If "front", only front-channel messages are signed. If "back",
    only back-channel messages are signed.

So either you did change a default or the default has changed in the
meantime. (I'd recommend to carry over your config to a new updated
config at some point.)
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130215/33769e20/attachment.html 

More information about the users mailing list