Help with setting up Duo Admin Panel and Shibboleth
cantor.2 at osu.edu
Thu Jan 27 23:53:41 UTC 2022
Response signing is defaulted, adding p:signAssertions turns that on, as does adding WantAssertionsSigned to the metadata. I don't know that they require signed responses (which would be dumb, that's forcing people to sign twice for no reason) but I tend not to turn it off simply to avoid extra config work since I use the metadata flag to do this, not the relying party approach.
They handle encryption fine.
More information about the users