Help with setting up Duo Admin Panel and Shibboleth

Cantor, Scott cantor.2 at
Thu Jan 27 23:53:41 UTC 2022

Response signing is defaulted, adding p:signAssertions turns that on, as does adding WantAssertionsSigned to the metadata. I don't know that they require signed responses (which would be dumb, that's forcing people to sign twice for no reason) but I tend not to turn it off simply to avoid extra config work since I use the metadata flag to do this, not the relying party approach.

They handle encryption fine.

-- Scott

More information about the users mailing list