Does SP3 not sign authn requests by default?

[Wessel, Keith]

Well, obviously, yes. But since the SP admins didn't even seem to know about signing="true", I doubt they made this change. I could be wrong, though, and they could have forgotten. I've asked them to restore shibboleth2.xml from backups on Monday to see if it had explicit signing settings. An explicit signing setting is the only thing that would make sense, but if it is in the old shibboleth2.xml, that would also imply that the upgrade to 3.0 removed it, and I hope that the RPM wouldn't make that kind of modification to the configuration.

I'll also test the endpoint validation skipping on my SP sandbox on Monday which is still running 2.6.

If I learn anything interesting, I'll report back.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Saturday, July 21, 2018 9:34 AM
To: users at shibboleth.net
Subject: Re: Does SP3 not sign authn requests by default?

* Wessel, Keith <kwessel at illinois.edu> [2018-07-21 15:22]:
> It seems that adding signing="true" is a good fix, and not just a band 
> aid, in 3.0. But it'd make me feel better if I could explain why this 
> worked in 2.6 without that.

Then restore an old copy (or all available copies) of shibboleth2.xml from backup (or version control) and check for signing settings.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net