shibboleth-dev - [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses

Subject: Shibboleth Developers

List archive

[Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses

From: Olivier Salaün <>
To:
Subject: [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses
Date: Fri, 22 Apr 2011 12:13:34 +0200

I noticed that the latest version of the IdP (2.2.1) install process creates a relying-party.xml config file with the following piece of config:

        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                              includeAttributeStatement="true"
                              assertionLifetime="PT5M"
                              assertionProxyCount="0"
                              signResponses="always"
                              signAssertions="always"
                              encryptAssertions="conditional"
                              encryptNameIds="never" />

This value of the signResponses="never" XML attribute is not suiteable for most of our IdPs using EZProxy. I know that they can edit their configuration file, but I was wondering if their was a reason for this "default" value?

Thanks.

[Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses, Olivier Salaün, 04/22/2011
- Re: [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses, Cantor, Scott E., 04/22/2011

List archive

[Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses