Unsolicited SSO questions

IAM David Bantz dabantz at alaska.edu
Thu May 28 19:06:59 EDT 2015


On Thu, May 28, 2015 at 6:20 AM, Johan Romin <johan.romin at egbs.se> wrote:

the service provider requires signed authn request?
> The service provider I'm going to integrate with requires a signed authn
> request and supports only idp initiated flow.
>
>
Others have pointed out the self-defeating nature of that requirement as
stated.  But I wonder if the vendor doesn't mean to state that they require
the authN assertion from your IdP be signed, rather than, as literally
stated, that the unsolicited authN request to the IdP be signed.

You craft the unsolicited request to your IdP, and the SAML authN assertion
to the vendor's SP is signed by your IdP.  The vendor can check the
signature if they've imported the public part of your signing cert.

Apologies if I've offered a red herring.

David Bantz
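
An added example, not part of the original message: a structural check an SP integrator could run on a received SAML Response to confirm it is unsolicited (no InResponseTo) and that the signature sits on the IdP's assertion, with its Reference pointing at that assertion's own ID. The sample document, entity IDs and function names are constructed for illustration; this does not validate the signature cryptographically, which requires an XML-DSig library and the IdP's signing certificate.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: skeleton of an unsolicited (IdP-initiated) Response.
# Entity IDs, IDs and the signature value are placeholders, not real data.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def _covers(elem):
    """True if elem has a direct ds:Signature whose Reference points at elem's own ID."""
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + elem.get("ID", "")

def inspect_response(xml_text):
    # Structural check only; for untrusted input use a hardened XML parser.
    resp = ET.fromstring(xml_text)
    assertions = resp.findall("saml:Assertion", NS)
    scd = resp.findall(".//saml:SubjectConfirmationData", NS)
    return {
        # Unsolicited: nothing refers back to an AuthnRequest.
        "unsolicited": resp.get("InResponseTo") is None
                       and all(d.get("InResponseTo") is None for d in scd),
        "response_signed": _covers(resp),
        "assertions_signed": bool(assertions) and all(_covers(a) for a in assertions),
    }
```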