shibboleth-dev - Re: [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses
Subject: Shibboleth Developers
List archive
- From: "Cantor, Scott E." <>
- To: "" <>
- Subject: Re: [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses
- Date: Fri, 22 Apr 2011 14:04:14 +0000
- Accept-language: en-US
On 4/22/11 6:13 AM, "Olivier Salaün"
<>
wrote:
> This value of the signResponses="never" XML attribute is not
> suiteable for most of our IdPs using EZProxy. I know that they can
> edit their configuration file, but I was wondering if their was a
> reason for this "default" value?
That's always been the accepted default for SAML 2 SSO, that's why various
pieces of data were moved into the assertion, to allow for signed tokens
without an additional signature needed. We just weren't following that
guideline until now.
Somebody that's a customer should report the bug to OCLC.
-- Scott
- [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses, Olivier Salaün, 04/22/2011
- Re: [Shib-Dev] IdP 2.2.1 / default for ProfileConfiguration/signResponses, Cantor, Scott E., 04/22/2011
Archive powered by MHonArc 2.6.16.