Force Shibboleth SP to request both response and assertion signature

Cantor, Scott cantor.2 at osu.edu
Wed Dec 12 13:29:03 EST 2018


On 12/12/18, 1:21 PM, "users on behalf of Paolo Smiraglia" <users-bounces at shibboleth.net on behalf of paolo.smiraglia at gmail.com> wrote:

> I need to configure my Shibboleth SP (3.x) in order to mandatorily
> require both the assertion and the response (nested) signatures. Any
> suggestion?

There's a setting to require signed responses and there's the ability in metadata to ask for signed assertions; there is no setting in the SP to explicitly check for it. SSO best practice is to sign the response; there's no reason to sign the assertion (and good reasons not to: it discourages improper use of them).

-- Scott
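
Added example, not part of the original message and not Shibboleth code: a Python check that reports whether a SAML 2.0 Response carries an enveloped signature at the response level, the assertion level, or both, useful for seeing what an IdP actually sends. It inspects structure only and does not verify any signature; the function names and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def enveloped_signature(elem):
    """True if elem has a direct-child ds:Signature whose single Reference
    points at elem's own ID. A signature that references some other element
    (the pattern behind signature wrapping) does not count."""
    el_id = elem.get("ID")
    sig = elem.find("ds:Signature", NS)  # direct child only, not descendants
    if sig is None or not el_id:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + el_id

def signature_layout(xml_text):
    """Report where signatures sit in a SAML Response (presence, not validity)."""
    root = ET.fromstring(xml_text)  # constructed input here; use a hardened parser for untrusted XML
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": enveloped_signature(root),
        "assertions": len(assertions),
        "assertions_signed": sum(enveloped_signature(a) for a in assertions),
        # Signatures inside an EncryptedAssertion are not visible before decryption.
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def _sig(ref):  # constructed skeleton signature: no digest, no key material
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
            '<ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>' % ref)

def sample(sign_response, sign_assertion):
    """Build a constructed, minimal Response with the requested signature layout."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">'
            + (_sig("_r1") if sign_response else "")
            + '<saml:Assertion ID="_a1">' + (_sig("_a1") if sign_assertion else "")
            + '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for flags in [(True, False), (True, True), (False, True)]:
        print(flags, signature_layout(sample(*flags)))
```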



