Sending the SAMLReply/Assertion
Cantor, Scott
cantor.2 at osu.edu
Tue Jul 13 13:04:27 UTC 2021
On 7/13/21, 8:55 AM, "users on behalf of Mak, Steve" <users-bounces at shibboleth.net on behalf of makst at upenn.edu> wrote:
> The simplest way would be to inspect all of your customer's metadata. If any of them are signing requests –
> which is generally unnecessary – they must include a signing cert. You can easily inspect their public signing
> certs for the signature algorithm without shibSP logs.
You can't tell anything from the certificate apart from the RSA vs. ECDSA question. The digest used in a signature has no connection to anything in the certificate.
-- Scott
More information about the users
mailing list