Assertion signing and encryption question

Elena Ryazanova ryazanov at bc.edu
Wed Oct 28 14:56:43 EDT 2015


We have Shibboleth IdP v3 (upgraded from v2), member of InCommon.
Currently we are working with a new vendor who has experience with SAML
integrations but not with Shibboleth.
It seems our vendor (SP) has problems with the way the IdP assertion is signed
and encrypted.  No other SPs that are configured to use the same default
relying party profile reported problems with assertion encryption performed
by our IdP.
Here is what the vendor says:
"SP has determined that IdP encrypts the assertion and then signs the
encryption
SP code works as follows:  (1) First decrypt the assertion and (2) then
compute the signature
With the signature not inside the encryption SP would need IdP to sign the
assertion prior to encryption".

Are there any options in IdP configuration to control the order?  Is there
any standard way to encrypt and sign assertions?

Thank you,
Elena
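
Added example, not part of the original message and not Shibboleth or vendor code: a Python sketch that inspects a SAML Response and reports whether a signature sits outside the encryption (on the Response, beside an EncryptedAssertion) or inside it (on the Assertion, visible only after decryption), the two orderings the vendor's statement distinguishes. The sample documents are constructed, and reading "signs the encryption" as a Response-level signature is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
_HDR = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
        'xmlns:ds="%(ds)s">' % NS)
# Constructed samples (empty placeholder elements, not captured traffic).
# Signature on the Response, wrapping an already-encrypted assertion.
SAMPLE_OUTER = (_HDR + "<ds:Signature/><saml:EncryptedAssertion/>"
                "</samlp:Response>")
# What an SP sees after decryption when the assertion was signed first.
SAMPLE_INNER = (_HDR + "<saml:Assertion><ds:Signature/></saml:Assertion>"
                "</samlp:Response>")

def signature_layout(response_xml):
    """Locate signatures relative to encryption. Structure only:
    no signature is verified and nothing is decrypted here."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Child-only lookups, so an assertion's signature is never
    # mistaken for a signature on the Response itself.
    plain = root.findall("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "plaintext_assertions": len(plain),
        "signed_plaintext_assertions": sum(
            a.find("ds:Signature", NS) is not None for a in plain),
    }

def describe(layout):
    """Map a layout to the processing order it implies for the SP."""
    if layout["encrypted_assertions"] and layout["response_signed"]:
        return "outer: signature covers the ciphertext, check before decrypting"
    if layout["encrypted_assertions"]:
        return "unknown: any assertion signature is hidden until decryption"
    if layout["signed_plaintext_assertions"]:
        return "inner: assertion carries its own signature"
    return "unsigned"

if __name__ == "__main__":
    for name, doc in (("outer", SAMPLE_OUTER), ("inner", SAMPLE_INNER)):
        print(name, describe(signature_layout(doc)))
```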