signature not found

Cantor, Scott cantor.2 at osu.edu
Tue Jan 17 16:26:46 EST 2017


> The difference is Kronos told us to disable response signature and enable
> assertion signature. Setting WantAssertionsSigned="true" without the
> relying party override signs both response and assertion (looks like the only
> way in the IdP to disable response signature is via relying party override).

That is true, yes. That's generally not required unless you're concerned about every last bit of performance, but sometimes if the SP is broken enough it can be.
 
> Anyhow, SSO proceeds without error, so WantAssertionsSigned="true" in
> metadata alone is sufficient for this app. Whether they validate reponse
> signature or ignore it is not known.

Though apparently not in this case.

-- Scott



More information about the users mailing list