Does SP3 not sign authn requests by default?
Michael A Grady
mgrady at unicon.net
Fri Jul 20 18:29:43 EDT 2018
> On Jul 20, 2018, at 5:19 PM, Wessel, Keith <kwessel at illinois.edu> wrote:
>
> FWIW, adding signing="true" to our ApplicationDefaults has fixed the issue. The docs say that this should behave the same as 2.6 did: our IdP metadata says nothing about wantRequestsSigned, and I read the docs as it'll be signed unless the metadata specifically says not to as long as the SP is able to sign it. Do I misunderstand the "soft false" discussed in the SP 3 signing and encryption docs
I haven't looked at the SP 3 docs, but 2.x never signed by default. That's stated explicitly here:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSigningEncryption
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180720/040d9725/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://shibboleth.net/pipermail/users/attachments/20180720/040d9725/attachment.sig>
More information about the users
mailing list