[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: [Shib-Users] Signing requests
From:       "Tom Scavo" <trscavo () gmail ! com>
Date:       2008-07-29 13:33:40
Message-ID: ea2af9bd0807290633w408c6871ya01b0a8e22902ad0 () mail ! gmail ! com
[Download RAW message or body]

On Tue, Jul 29, 2008 at 4:22 AM,  <martha@itslearning.com> wrote:
>
> It seems like it is possible to make TestShib work WITHOUT signing the requests ?

Do you mean the authn requests?  SAML V1.1 doesn't have an authn
request, so Shibboleth invented one.  You can't sign it, however,
because it consists of four HTTP parameters and nothing more.

> Will the correct behaviour be to sign the AttributeQuery request ?

No, I believe Shibboleth 1.3 supports only SSL/TLS client
authentication.  That said, consider implementing your SP (if that's
really what you want to do) so that it supports attribute push.
That's much, much easier to deal with (and the Shib IdP 1.3 supports
it, I think).

HTH,
Tom
[prev in list] [next in list] [prev in thread] [next in thread]