saml2 mtls issue

Cantor, Scott cantor.2 at
Tue Nov 9 15:29:40 UTC 2021

>    thank you very much for your quick reply. Could you please provide me with a reference for "... and that's
> not even technically a thing the SAML standard would allow one to do.". The IDP is asking for it 🙁

Look at the metadata spec and the definition of the use attribute on KeyDescriptor. There is only one defined way to know what somebody's key is, and it's metadata. Ergo if there's no way to distinguish between signing and TLS in that method, there is no such allowance in the standard to make them different.

-- Scott
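Added example, not code from Scott's reply or from the Shibboleth project: the `use` attribute on md:KeyDescriptor is typed as md:KeyTypes, whose only values are "signing" and "encryption" (an absent `use` means the key serves both), so a metadata consumer that selects keys by purpose has nothing to select on for TLS. The parser below reads a constructed metadata document (the entityID and the base64 <ds:X509Certificate> bodies are placeholders, not real certificates), reports each KeyDescriptor's `use`, and rejects any value outside md:KeyTypes, which is what a schema-validating consumer would do with a hypothetical use="tls".

```python
"""Inspect the `use` attribute on SAML 2.0 metadata KeyDescriptor elements.

Added example, not code from the original post or the Shibboleth project.
The metadata document below is constructed for this example; its
<ds:X509Certificate> values are base64 of placeholder bytes, not real
certificates, and the entityID is hypothetical.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Values of md:KeyTypes, the type of the `use` attribute in the SAML 2.0
# metadata schema. There is no value meaning "TLS".
KEY_TYPES = ("signing", "encryption")


def _fake_cert(label: str) -> str:
    # Placeholder for a certificate body; constructed, not a real certificate.
    return base64.b64encode(label.encode()).decode()


CONSTRUCTED_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_fake_cert('idp-signing-key')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_fake_cert('idp-encryption-key')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_fake_cert('idp-dual-use-key')}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def key_descriptors(metadata_xml: str) -> list[dict]:
    """Return one record per KeyDescriptor: its `use` value (None when the
    attribute is absent) and the SHA-256 fingerprint of each certificate
    it carries. Any `use` outside md:KeyTypes is rejected.
    """
    root = ET.fromstring(metadata_xml)
    records = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use")  # None means usable for both signing and encryption
        if use is not None and use not in KEY_TYPES:
            raise ValueError(f"use={use!r} is not a value of md:KeyTypes")
        fingerprints = []
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
        records.append({"use": use, "fingerprints": fingerprints})
    return records


def keys_for(metadata_xml: str, purpose: str) -> list[str]:
    """Fingerprints a relying party may accept for `purpose`.

    `purpose` must be "signing" or "encryption": those are the only
    distinctions metadata can express. A KeyDescriptor without `use` is
    valid for both. TLS is not a purpose metadata knows about, so a caller
    that wants a peer's back-channel TLS certificate has to ask for
    "signing"; there is no separate pool of TLS keys to select from.
    """
    if purpose not in KEY_TYPES:
        raise ValueError(f"metadata cannot express purpose {purpose!r}")
    accepted = []
    for rec in key_descriptors(metadata_xml):
        if rec["use"] in (None, purpose):
            accepted.extend(rec["fingerprints"])
    return accepted


if __name__ == "__main__":
    for rec in key_descriptors(CONSTRUCTED_METADATA):
        print(rec["use"] or "(both)", rec["fingerprints"])
    print("signing:", keys_for(CONSTRUCTED_METADATA, "signing"))
    try:
        keys_for(CONSTRUCTED_METADATA, "tls")
    except ValueError as err:
        print("tls:", err)
```

Running it shows three descriptors (signing, encryption, and one valid for both) and that asking for a "tls" purpose fails, as does a document that carries use="tls": whatever certificate a peer presents on a mutually authenticated back channel can only be matched against the same set of keys that metadata marks as signing keys.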
