signed responses from an IdP

Mark K. Miller max at
Mon Aug 17 16:15:35 EDT 2015

On Mon, 17 Aug 2015, Brewer, Edward L wrote:

> From the Ping Getting Started  Version 7.2  Manual
> " Note: SAML specifications require that POST responses be digitally 
> signed."

Interesting!  The Ping Identity v6.x SP didn't require this.  Has the SAML 
spec changed between Ping v6.x and v7.2?  Or, is it just that the parts of 
the SAML spec Ping implements has changed?

And, does anyone know from the actual spec if this is phrased as "require 
that POST responses be digitally signed."  Or, is it possibly phrase as, 
"require that POST responses be able to be digitally signed."  Obviously, 
the first phrasing doesn't allow for disabling signing, but the second 
phrasing does.

> Lee Brewer



More information about the users mailing list