verifying security used by a new SP

Cantor, Scott cantor.2 at osu.edu
Thu Apr 18 14:39:44 EDT 2019


On 4/18/19, 1:37 PM, "users on behalf of Steven Carmody" <users-bounces at shibboleth.net on behalf of steven_carmody at brown.edu> wrote:

> Our IDP is working with a new SP. I know the SP is using simplesamlphp, but
> I'm not getting any answers from them to my questions about how the SP
> is configured. I'd like to verify, using the IDP logs, that "reasonable" 
> security is being used.

It is rarely necessary to sign requests, and can be actively harmful in some respects when the total picture is taken into consideration, so I wouldn't judge "reasonable" by whether they're signing. That often is a red flag that they don't understand what they're doing, in fact.

-- Scott



