Signing propagating logout request with non-default credentials
Cantor, Scott
cantor.2 at osu.edu
Wed May 17 11:54:39 EDT 2017
On 5/17/17, 11:51 AM, "users on behalf of Daniel Lutz" <users-bounces at shibboleth.net on behalf of daniel.lutz at switch.ch> wrote:
> It seems to me that this is not possible, since looking up a SignatureSigningConfiguration
> is supported via ProfileConfigurations only, but there's no ProfileConfiguration available
> for the logout propagation flow ("PropagateLogout"). Instead, the default SignatureSigningConfiguration
> of the DefaultRelyingParty is used, as far as I could see.
The SAML2.Logout bean is the profile for it. There isn't a way to separate the behavior for signing LogoutResponses from requests, but that's about the only limitation.
-- Scott
More information about the users
mailing list