signed responses from an IdP

Brewer, Edward L lee.brewer at Vanderbilt.Edu
Mon Aug 17 16:06:29 EDT 2015

Signing the response is current best practice anyway, but I can't tell you the settings on the Ping side. The main reason to require a signed response is preventing attacks against XML Encryption, but I'm sure that isn't why they're requiring it.

-- Scott

>From the Ping Getting Started  Version 7.2  Manual

" Note: SAML specifications require that POST responses be
digitally signed."

Lee Brewer
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list