Add signResponses value based on relying party

Ronish Zadode ronish_zadode at persistent.com
Fri Aug 28 14:09:33 UTC 2020 

Thank you Nate and Amit!

From: users <users-bounces at shibboleth.net> On Behalf Of Nate Klingenstein
Sent: Friday, August 28, 2020 12:31 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Add signResponses value based on relying party

Amit,

Excuse me, I misread what the original poster had done.  Yes, you're right.

My apologies,
Nate.

On Thu, Aug 27, 2020 at 12:55 PM Nate Klingenstein <ndk at sudonym.me<mailto:ndk at sudonym.me>> wrote:
Amit,

It would be similarly dangerous to sign nothing for all relying parties except this one.  I think you meant to write signResponses = false for this SP only.

Best wishes,
Nate.

On Thu, Aug 27, 2020 at 12:52 PM Amit Dongaonkar <amitd at nitssolutions.com<mailto:amitd at nitssolutions.com>> wrote:
Try setting up the new sp in the replying party overrides section. There you can set the signresponses = true for this sp only.


Thanks and Regards,


Amit Dongaonkar



On Thu, Aug 27, 2020 at 2:23 PM Ronish Zadode <ronish_zadode at persistent.com<mailto:ronish_zadode at persistent.com>> wrote:
Hi,
I'm trying to configure a new SP which expects SAML responses to be signed.
So I changed the signResponses value to 'always' from 'never' in profile tag in relying-party.xml

But another SP which I had already configured doesn't requires Signed SAML responses.

Can someone help how can I configure signResponses value based on relying-party?

Thank you,
Ronish

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200828/6aadc321/attachment.htm>

More information about the users mailing list