Does SP3 not sign authn requests by default?
Cantor, Scott
cantor.2 at osu.edu
Wed Jul 25 17:41:00 EDT 2018
On 7/25/18, 5:00 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> This was still there after the upgrade to 3.0 but didn't result in the authn request to the IdP being signed. The signing
> attribute had to be added to the <ApplicationDefaults> elemnt before the IdP would skip endpoint validation again, or
> so it appears.
That's probably something subtle connected to the legacy configuration support but I don't know whether the change is intentional or not. I would guess it's a bug, and even if not I hadn't documented it as changing.
-- Scott
More information about the users
mailing list