[EXTERNAL] Re: AuthnRequests must be signed, but inbound message was not signed for IDP initiated SSO
Bobby Lawrence
robertl at jlab.org
Thu Dec 3 15:23:20 UTC 2020
Yes – if you truly need to do IdP-initiated and the SP cannot (or will not) change their metadata, you should download it, change it locally and then point the IdP at the local (modified) copy
From: users <users-bounces at shibboleth.net> On Behalf Of Abhishek Chouksey
Sent: Thursday, December 03, 2020 9:38 AM
To: Shib Users <users at shibboleth.net>
Subject: [EXTERNAL] Re: AuthnRequests must be signed, but inbound message was not signed for IDP initiated SSO
Means I have to make AuthnRequest flag as false in SP metadata file? :
<SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
On Thu, Dec 3, 2020 at 7:58 PM Cantor, Scott <cantor.2 at osu.edu<mailto:cantor.2 at osu.edu>> wrote:
> Thanks for the reply , but I already gone through that list but unable to figure
> out what is the actual solution ?
The solution is to fix the metadata.
-- Scott
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwMFaQ&c=CJqEzB1piLOyyvZjb8YUQw&r=YbL7Tj_EqBW9abl6xEy1bg&m=rGU52qFMZZ5qhLFP28_MOrx0QLVfWJyR6rUI5f4QzsI&s=Wfz_IBVmVUG9am2riQ6hjBC65kbOFiiFMaXVVpaxm-k&e=>
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20201203/caf3d2b8/attachment.htm>
More information about the users
mailing list