Reward Gateway - IdP initiated SSO - UnsolicitedSSO

Tom Scavo trscavo at gmail.com
Mon Feb 19 19:20:44 EST 2018


On Mon, Feb 19, 2018 at 6:44 PM, Lipscomb, Gary <glipscomb at csu.edu.au> wrote:
>
> Not at the moment. I'm trying to make as little change as possible.

If the SP supports encryption (which many don't), they would include
an encryption certificate in their metadata. Since they haven't, I
conclude they don't support encryption.

> I thought
>         AuthnRequestsSigned="false" WantAssertionsSigned="true"
> in the SP metadata would have handled this.

You're confusing signing and encryption. Both of the above attributes
say something about signing. OTOH, support for inbound encryption at
the SP is determined by the presence (or absence) of an encryption
certificate in SP metadata. The IdP uses that certificate to encrypt
the assertion.

Tom

> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Tom Scavo
> Sent: Tuesday, 20 February 2018 10:35 AM
> To: Shib Users <users at shibboleth.net>
> Subject: Re: Reward Gateway - IdP initiated SSO - UnsolicitedSSO
>
> Hi Gary,
>
> On Mon, Feb 19, 2018 at 6:11 PM, Lipscomb, Gary <glipscomb at csu.edu.au> wrote:
>>
>> Has anyone got unsolicited SSO working with Reward Gateway (RG)? Their metadata contains no X.509 certificate [1]
>
> That implies no encryption. Have you disabled XML encryption for this
> relying party?
>
> Tom
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
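
The signing/encryption distinction drawn in the reply above, as an added example that is not part of the original message or of Shibboleth: it reads SP metadata and reports the two signing attributes separately from whether an encryption-capable certificate is published. The function name, the sp.example.org metadata and the placeholder certificate are constructed, and the sketch assumes keys are published as X509Certificate elements.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: like the SP in the thread, it publishes no certificate.
SP_NO_KEYS = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed variant: the same SP, now publishing an encryption certificate.
ENC_KEY = ('<md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="%s">'
           '<ds:X509Data><ds:X509Certificate>CONSTRUCTED</ds:X509Certificate>'
           '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>' % NS["ds"])
SP_WITH_ENC_KEY = SP_NO_KEYS.replace(
    "<md:AssertionConsumerService", ENC_KEY + "<md:AssertionConsumerService")

def _flag(element, name):
    # Both attributes are optional xs:boolean values that default to false.
    return element.get(name, "false") in ("true", "1")

def sp_crypto_profile(metadata_xml):
    """Summarise what SP metadata says about signing versus encryption."""
    sp = ET.fromstring(metadata_xml).find(".//md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    sig_certs = enc_certs = 0
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.find(".//ds:X509Certificate", NS) is None:
            continue  # assumption: only certificate-bearing keys are counted
        use = kd.get("use")  # an absent 'use' means the key serves both roles
        sig_certs += use in (None, "signing")
        enc_certs += use in (None, "encryption")
    return {"authn_requests_signed": _flag(sp, "AuthnRequestsSigned"),
            "want_assertions_signed": _flag(sp, "WantAssertionsSigned"),
            "signing_certs": sig_certs,
            "encryption_certs": enc_certs,
            "idp_can_encrypt": enc_certs > 0}

if __name__ == "__main__":
    for label, xml in (("no keys", SP_NO_KEYS), ("enc key", SP_WITH_ENC_KEY)):
        print(label, sp_crypto_profile(xml))
```

For the first sample the signing flags are reported as published while `idp_can_encrypt` is false, which is the situation the reply describes.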

