Add signResponses value based on relying party

Nate Klingenstein ndk at
Thu Aug 27 18:47:26 UTC 2020


You just need a conditional activation for that RP.  Note that allowing totally unsigned responses is basically equivalent to allowing anyone in the universe to impersonate your IdP, so you should also turn signAssertions to "always".  If they can't accept signed assertions nor signed responses, their SP is wide open.

Take care,

Signet, Inc.
The Art of Access ®

-----Original message-----
> From: Ronish Zadode
> Sent: Thursday, August 27 2020, 12:24 pm
> To: users at
> Subject: Add signResponses value based on relying party
> Hi,
> I'm trying to configure a new SP which expects SAML responses to be signed.
> So I changed the signResponses value to 'always' from 'never' in profile tag in relying-party.xml
> But another SP which I had already configured doesn't requires Signed SAML responses.
> Can someone help how can I configure signResponses value based on relying-party?
> Thank you,
> Ronish
> ==========
> This e-mail may contain privileged and 
> confidential information which is the property of Persistent Systems 
> Ltd. It is intended only for the use of the individual or entity to 
> which it is addressed. If you are not the intended recipient, you are 
> not authorized to read, retain, copy, print, distribute or use this 
> message. If you have received this communication in error, please notify
>  the sender and delete all copies of this message. Persistent Systems 
> Ltd. does not accept any liability for virus infected mails.
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list