Does SP3 not sign authn requests by default?

Takeshi NISHIMURA takeshi at
Wed Jul 25 22:44:11 EDT 2018

Schema declares that conf:SessionInitiatorGroup attributes can also be applied to a <SSO> element, so I thought all such settings are delivered to /Shibboleth.sso/Login .
It is safe to do so at least in 2.0 configuration.

If not, we have to warn all deployers to check their <SSO> before applying "yum update".

Best regards,

On 2018/07/26 10:14, Cantor, Scott wrote:
> Actually, I take that back, I think it is an unintentional change now that I got to the bottom of it. There are some rarely used options that work in the updated configuration namespace but don't get handled correctly in the legacy namespace, so it's a regression.
> I don't know yet if I'll try to fix it, they're rarely used enough that documenting it is probably simpler. This is probably the most common one to be impacted. Most people can update to the new namespace very quickly anyway if the location of the setting has any real importance, which isn't the case here.
> -- Scott

More information about the users mailing list