IDP signs the SAML Assertion

Mak, Steve makst at
Tue Jun 9 20:54:24 UTC 2020

It should take you 1-2 files to be able to determine if you are signing assertions: relying-party.xml and the sp-metadata.xml file for their SP.

relying-party.xml is where you globally or specifically allow/deny/force signing.
sp-metadata.xml file is where an SP can choose to request a signed assertion if allowed and the IdP doesn't force it.

From: users <users-bounces at> on behalf of "Lohr, Donald" <lohrda at>
Reply-To: Shib Users <users at>
Date: Tuesday, June 9, 2020 at 16:05
To: "users at" <users at>
Subject: IDP signs the SAML Assertion

I've a SP vendor asking:

Are you able to go in to your identity provider, go to the service provider configuration, and ensure that the IDP signs the SAML Assertion?

How can I actually prove this or not prove it?



D o n a l d   L o h r

I n f o r m a t i o n   S y s t e m s

J a m e s   M a d i s o n   U n i v e r s i t y

5 4 0 . 5 6 8 . 3 7 3 0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list