Add signResponses value based on relying party
ndk at signet.id
Thu Aug 27 18:47:26 UTC 2020
You just need a conditional activation for that RP. Note that allowing totally unsigned responses is basically equivalent to allowing anyone in the universe to impersonate your IdP, so you should also turn signAssertions to "always". If they can't accept signed assertions nor signed responses, their SP is wide open.
The Art of Access ®
> From: Ronish Zadode
> Sent: Thursday, August 27 2020, 12:24 pm
> To: users at shibboleth.net
> Subject: Add signResponses value based on relying party
> I'm trying to configure a new SP which expects SAML responses to be signed.
> So I changed the signResponses value to 'always' from 'never' in profile tag in relying-party.xml
> But another SP which I had already configured doesn't requires Signed SAML responses.
> Can someone help how can I configure signResponses value based on relying-party?
> Thank you,
> This e-mail may contain privileged and
> confidential information which is the property of Persistent Systems
> Ltd. It is intended only for the use of the individual or entity to
> which it is addressed. If you are not the intended recipient, you are
> not authorized to read, retain, copy, print, distribute or use this
> message. If you have received this communication in error, please notify
> the sender and delete all copies of this message. Persistent Systems
> Ltd. does not accept any liability for virus infected mails.
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users