signed responses from an IdP
Mark K. Miller
max at psu.edu
Mon Aug 17 15:51:50 EDT 2015
The default replying party on my Shibboleth IdP has the SAML2SSOProfile
configured with signResponses="never"
Yesterday, one of the vendors I work with upgraded their SP software from
some old Ping Identity implementation to some newer Ping Identity
implementation and things stoped working.
They told me that I need to sign assertions; so, I told them I am.
Through experimentation I have learned if I create a custom relying party
for them and change signResponses to "always" things start to work again.
Why is the default on my Shibboleth Idp "never"? And, would anyone know
what to change on the Ping Identity side to make this work the way it used
More information about the users