Force Shibboleth SP to request both response and assertion signature
Paolo Smiraglia
paolo.smiraglia at gmail.com
Wed Dec 12 13:21:06 EST 2018
Hello guys,
I need to configure my Shibboleth SP (3.x) in order to mandatory
require both the assertion and the response (nested) signatures. Any
seggestion?
With the current configuration
https://github.com/psmiraglia/spid-auth-docker/blob/revise-shibboleth-configuration/etc/shibboleth/shibboleth2.xml.tpl
when the SP receives a response that has only the <Assertion> or the
<Response> signature, the message is considered valid.
Many thanks,
Paolo
--
PAOLO SMIRAGLIA
More information about the users
mailing list