CentOS/RHEL packages for - Shibboleth Service Provider Security Advisory [27 February 2018]

Peter Schober peter.schober at univie.ac.at
Thu Mar 8 12:34:26 EST 2018

* Sam Jacob <skjacob at gmail.com> [2018-03-08 18:16]:
> from Scott's post:
> "I investigated, discreetly, a number of SPs that my university has
> campus-wide integrations with and that did not support XML Encryption "
> How do you determine an SP that doesn't support XML Encryption?

Things to look for:
An SP with no key in metadata, or with a key that has use="signing".
A RelyingParty exception for SAML2.SSO with p:encryptAssertions="false".
A property setting idp.encryption.optional to true (idp.properties or elsewhere).
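
The first item in the reply above can be checked mechanically against a metadata file. The Python below is an added example, not part of the original post or of the Shibboleth software; the function name and the sample entityIDs are constructed for illustration, and it relies on the SAML metadata rule that a KeyDescriptor with no use attribute serves both signing and encryption.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
P = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'

# Constructed sample metadata; entityIDs are made up, key material is omitted.
SAMPLE_METADATA = f"""\
<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://sp-nokey.example.org/shibboleth">
    <md:SPSSODescriptor {P}/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-signonly.example.org/shibboleth">
    <md:SPSSODescriptor {P}>
      <md:KeyDescriptor use="signing"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-unspecified.example.org/shibboleth">
    <md:SPSSODescriptor {P}>
      <md:KeyDescriptor/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-enc.example.org/shibboleth">
    <md:SPSSODescriptor {P}>
      <md:KeyDescriptor use="signing"/>
      <md:KeyDescriptor use="encryption"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def sps_without_encryption_key(metadata_xml):
    """Map entityID -> reason for each SP with no key usable for encryption."""
    findings = {}
    root = ET.fromstring(metadata_xml)
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for sp in entity.findall("md:SPSSODescriptor", NS):
            uses = [k.get("use") for k in sp.findall("md:KeyDescriptor", NS)]
            if not uses:
                findings[entity.get("entityID")] = "no key in metadata"
            elif all(u == "signing" for u in uses):
                # A KeyDescriptor without "use" serves both purposes,
                # so only an explicit signing-only set is flagged.
                findings[entity.get("entityID")] = 'only use="signing" keys'
    return findings


if __name__ == "__main__":
    for entity_id, reason in sps_without_encryption_key(SAMPLE_METADATA).items():
        print(f"{entity_id}: {reason}")
```

The other two items in the reply are IdP-side settings and are not covered by this metadata check.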
