Does SP3 not sign authn requests by default?

Wessel, Keith kwessel at
Sat Jul 21 12:28:19 EDT 2018

Well, obviously, yes. But since the SP admins didn't even seem to know about signing="true", I doubt they made this change. I could be wrong, though, and they could have forgotten. I've asked them to restore shibboleth2.xml from backups on Monday to see if it had explicit signing settings. An explicit signing setting is the only thing that would make sense, but if it is in the old shibboleth2.xml, that would also imply that the upgrade to 3.0 removed it, and I hope that the RPM wouldn't make that kind of modification to the configuration.

I'll also test the endpoint validation skipping on my SP sandbox on Monday which is still running 2.6.

If I learn anything interesting, I'll report back.


-----Original Message-----
From: users <users-bounces at> On Behalf Of Peter Schober
Sent: Saturday, July 21, 2018 9:34 AM
To: users at
Subject: Re: Does SP3 not sign authn requests by default?

* Wessel, Keith <kwessel at> [2018-07-21 15:22]:
> It seems that adding signing="true" is a good fix, and not just a band 
> aid, in 3.0. But it'd make me feel better if I could explain why this 
> worked in 2.6 without that.

Then restore an old copy (or all available copies) of shibboleth2.xml from backup (or version control) and check for signing settings.

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list