SP Signed SAML requests

[Mike Flynn]

Thanks, Peter.  I read that section which referred to <RelyingParty> for this but I do not use a RelyingParty section in my config.  There is no signing element as described in the wiki within my config - Since I do not have this RelyingParty element, I assumed that the signing in the app defaults might be my issue - especially since the relyingparty element defaults to false...


________________________________
 From: Peter Schober <peter.schober at univie.ac.at>
To: users at shibboleth.net 
Sent: Friday, February 15, 2013 8:33 AM
Subject: Re: SP Signed SAML requests
 
* Mike Flynn <shibbolethlynda at yahoo.com> [2013-02-15 17:13]:
> In my app defaults I also have this:
> 
> <ApplicationDefaults  signing="true" id="default" policyId="default"
> REMOTE_USER="eppn" entityID="https://shib.lynda.com/shibboleth-sp"
> homeURL="https://shib.lynda.com/InCommon">
> 
> I just want to confirm - This is the signing setting that I should
> set to "false" - Correct?

I already pointed you to the documentation and named the specific
setting. The most specific URL I can get out of the wiki is:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication#NativeSPApplication-RelyingPartyAttributes
Then search for the attribute "signing". Here's the full text, which
should need no further explanation:

  * signing ("true", "false", "front", or "back") (defaults to "false")

    Controls outbound signing of XML messages. If "true", all are
    signed. If "front", only front-channel messages are signed. If "back",
    only back-channel messages are signed.

So either you did change a default or the default has changed in the
meantime. (I'd recommend to carry over your config to a new updated
config at some point.)
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130215/33769e20/attachment.html