Lohr, Donald lohrda at jmu.edu
Wed Sep 3 21:11:36 EDT 2014

We are in conversation with an integrator of a cloud app ( I can not 
disclose yet) and we asked the following question, and their answer is 
in red.
Does the vendor support full endpoint-to-endpoint XML (assertion) 
encryption via the use of a certificate model, compatible with the model 
supported by Shibboleth?  If not, how does the vendor provide 
confidentiality between endpoints, or does the vendor expect a custom 
setting in the RelyingParty configuration that sets 
encryptAssertions=”never”? //This is coming up more and more now 
(especially within the university system).  We do not support XML 
assertion encryption at this time.  We do support x509 signature and 
certificate validation on all responses, but not assertion encryption.

/For starters, my Shibboleth 2.x knowledge is very limited, I'm a 
newby.  The above question is from a previous Shibboleth admin. I do not 
fully understand this question we asked the integrator.

My question for the group, does Shibboleth 2.x support x509 signature 
and certificate validation.

I need to be able to get some reasonable comment back to my manager on 
the answer the integrator provided.


D o n a l d   L o h r

i n f o r m a t i o n   s y s t e m s
j a m e s   m a d i s o n   u n i v e r s i t y

5 4 0 . 5 6 8 . 3 7 3 0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140903/8a728316/attachment.html 

More information about the users mailing list