IDP signs the SAML Assertion

Ryan Suarez ryan.suarez at
Tue Jun 9 20:32:29 UTC 2020

On Tue, 2020-06-09 at 16:05 -0400, Lohr, Donald wrote:
Are you able to go in to your identity provider, go to the service provider configuration, and ensure that the IDP signs the SAML Assertion?

How can I actually prove this or not prove it?

Install saml-tracer for chrome or firefox and inspect the SAML assertion. I believe you're looking for the following tags:

    <ds:Signature xmlns:ds=""><>;
            <ds:CanonicalizationMethod Algorithm="" />
            <ds:SignatureMethod Algorithm="" />
            <ds:Reference URI="#_5419d3961658e78b631941fcfacc9926">
                    <ds:Transform Algorithm="" />
                    <ds:Transform Algorithm=""><>;
                        <ec:InclusiveNamespaces xmlns:ec=""
                <ds:DigestMethod Algorithm="" />
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list