IdP assertions encryption issue
Peter Schober
peter.schober at univie.ac.at
Thu Feb 1 08:20:46 EST 2018
* Guillaume Rousse <guillaume.rousse at renater.fr> [2018-02-01 14:14]:
> > That's a very old question, see the archives. "conditional" basically
> > means "If it's not end-to-end secured -- as in: goes over the web
> > browser -- I'll encrypt it".
> As direct IdP/SP communication only occurs in some specific SAML profiles
> (at least Artifact Resolution and Attribute Query), does it imply that
> "conditional" setting for all other profiles involving user browser (SSO,
> notably) is actually a synonym for "always"?
It is. You'll note from the documentation for current, supported
versions of the software that this has been changed and is only
supported for IDPs upgrading and making use of "legacy configuration":
https://wiki.shibboleth.net/confluence/display/IDP30/SecurityConfiguration
-peter