Use case:
- We currently require that EITHER the assertion or the response is signed from the idp but we do not require the administrator/idp to specify this during configuration.
After checking through the code in SamlServiceProvider we see no way to accomplish our case and would thus have to implement our own version of SamlServiceProvider which we naturally really would not given the amount of nice code that resides within.
We would thus want either a new configuration property such as “WantAssertionSignedOrSamlResponseSigned” or “WantSomeKindOfSecurityMeasure”
Thoughts? Time frame?
Actually, this is something we’ve been considering adding as a convenience so thank you for the suggestion.
We called the property WantAssertionOrResponseSigned and it defaults to true.
This will be included in the v1.0.3 release.
Please contact support@componentspace.com if you’d like to test with a beta release.
[quote][/quote]
Actually, this is something we've been considering adding as a convenience so thank you for the suggestion.
We called the property WantAssertionOrResponseSigned and it defaults to true.
This will be included in the v1.0.3 release.
Please contact support@componentspace.com if you'd like to test with a beta release.
We called the property WantAssertionOrResponseSigned and it defaults to true.
This will be included in the v1.0.3 release.
Please contact support@componentspace.com if you'd like to test with a beta release.
Perfect, will do that
Email sent with the 1.0.3 beta.