SP Signed SAML requests
Mike Flynn
shibbolethlynda at yahoo.com
Mon Feb 18 16:01:18 EST 2013
Having turned off signing, I have a customer now that reports this error:
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Requester
Message: Signature required
Will I need to set a rule like this for them?
<RelyingParty Name="some_entityID.com" signing ="true"/>
________________________________
From: Mike Flynn <shibbolethlynda at yahoo.com>
To: Shib Users <users at shibboleth.net>
Sent: Friday, February 15, 2013 9:47 AM
Subject: Re: SP Signed SAML requests
Thanks, Peter :)
________________________________
From: Peter Schober <peter.schober at univie.ac.at>
To: users at shibboleth.net
Sent: Friday, February 15, 2013 9:35 AM
Subject: Re: SP Signed SAML requests
* Mike Flynn <shibbolethlynda at yahoo.com> [2013-02-15 18:01]:
> Thanks, Peter. I read that section which referred to <RelyingParty>
> for this but I do not use a RelyingParty section in my
> config. There is no signing element as described in the wiki within
> my config - Since I do not have this RelyingParty element, I assumed
> that the signing in the app defaults might be my issue - especially
> since the relyingparty element defaults to false...
"The following supported attributes are grouped because they can be
overridden per-partner using a <RelyingParty> element:"
Anyway, <ApplicationDefaults signing="false" ...> will do what you
asked for, in case we haven't yet established that :)
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130218/1d1d7a56/attachment.html
More information about the users
mailing list