IDP rely configuration - Adobe suggests a modification of default behaviour - any hints?

Cantor, Scott cantor.2 at
Fri Oct 4 09:18:15 EDT 2019

> Does anyone know whether the Okta SP (as used for Adobe Inc.) supports
> encryption?

It does not, as I recall.

> While the generated metadata I've seen does contain a certificate that comes
> with the use="signing" restriction (which when paired with
> SPSSODescriptor/@AuthnRequestsSigned="false" and no SLO support makes
> no sense as there's nothing left for the SP to sign).

Most of the time the flag being on isn't correlated with them actually signing. Most vendor metadata is barely correct, and often actively wrong.

-- Scott

More information about the users mailing list