Ang: Re: Unsolicited SSO questions

Cantor, Scott cantor.2 at
Thu May 28 12:33:30 EDT 2015

On 5/28/15, 11:09 AM, "users on behalf of Paul Hethmon" <users-bounces at on behalf of paul.hethmon at> wrote:
>However, I suspect that the signed request is not the problem, but the SP consuming the SAML Response. I don’t think (but I am not positive) that the SAML Response includes any information about whether the request was signed or not.

It does not.

> If it does not have that information, then the SP is choking on something else.

Very likely. So if you (the OP) are the one jumping to the conclusion that this has anything to do with the request, just stop; you're incorrect. If the vendor is claiming that, then you now know the vendor doesn't know what they're doing with the technology and you will be stuck debugging their system for them and you should add some time to your project plan to account for that eventuality.

-- Scott

