Does SP3 not sign authn requests by default?
Wessel, Keith
kwessel at illinois.edu
Fri Jul 20 18:19:34 EDT 2018
FWIW, adding signing="true" to our ApplicationDefaults has fixed the issue. The docs say that this should behave the same as 2.6 did: our IdP metadata says nothing about wantRequestsSigned, and I read the docs as it'll be signed unless the metadata specifically says not to as long as the SP is able to sign it. Do I misunderstand the "soft false" discussed in the SP 3 signing and encryption docs?
Thanks,
Keith
-----Original Message-----
From: Wessel, Keith
Sent: Friday, July 20, 2018 4:32 PM
To: users at shibboleth.net
Subject: Does SP3 not sign authn requests by default?
We have a multi-domain SP hosting a number of cPanel sites. It automatically pulled in SP 3.0 (they clearly need to fix how the prod environment gets updated), and now they're having authentication problems. It's one of the few SPs for which we've allowed the "skip endpoint validation if signed" option in the IdP.
Before, the authn requests were signed, and everything was working with the endpoint validation checks being skipped. Is this no longer the default in SP V3? And if not, how do we turn it back on?
Thanks,
Keith