signed responses from an IdP
Mark K. Miller
max at psu.edu
Mon Aug 17 16:30:58 EDT 2015
On Mon, 17 Aug 2015, Cantor, Scott wrote:
> Signing the response is current best practice anyway,
Since you know I'm not just 'playing dumb' this next question will be
really easy!
So, if I just went and changed the profle in my default relying party to
say "always" then the best practices would be in place and all the vendor
SPs I deal with would continue to happily with my IdP, right? ;-)
> but I can't tell
> you the settings on the Ping side. The main reason to require a signed
> response is preventing attacks against XML Encryption, but I'm sure that
> isn't why they're requiring it.
I'm sure too. And, you are correct again!
> -- Scott
Thank you, Scott!
Max
More information about the users
mailing list