IDP03 unsolicited sso support

Alexander Galilov alexander.galilov at
Thu May 7 08:56:27 EDT 2015

Thank you Rod,
Does it mean that if I go to


in my browser then it should work?

I got an error message and few records in idp logfile:

2015-05-07 15:49:33,070 - ERROR
- SPSSODescriptor for entity ID ''
indicates AuthnRequests must be signed, but inbound message was not signed

2015-05-07 15:49:33,101 - WARN
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:182] -
Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: Inbound
AuthnRequest was required to be signed but was not

I have

         <bean parent="RelyingPartyByName" c:relyingPartyIds="">
            <property name="profileConfigurations">
                    <bean parent="SAML2.SSO" p:signAssertions="true"
p:encryptAssertions="false" />

in relying-party.xml

Thank you again!

Best regards,

2015-05-07 15:22 GMT+03:00 Rod Widdowson <rdw at>:

> > Does Shibboleth IdP 3 support unsolicited sso
> I cannot find the reference right now, but the answer is yes.  IdPV3
> supported the same end points as V2 and this includes the IdP-Initiated
> point (supported out of the box)
> tells you how to set up the link.
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list