Hi,
I feel SPSSODescriptor.AuthnRequestsSigned and IDPSSODescriptor.WantAuthnRequestsSigned somewhat confusing. could you explain them and their significance.
Does the EntityDescriptor.ValidUntil is same as the signing or encrypting certificate expire date?
Thanks
Kaypees.
The SP SSO descriptor describes service provider configuration.
The IdP SSO descriptor describes identity provider configuration.
The AuthnRequestsSigned flag in the SPSSODescriptor specifies that the SP will sign authentication requests that it sends to the IdP.
The WantAuthnRequestsSigned flag in the IdPSSODescriptor specifies that the IdP wants the authentication requests it receives from the SP signed.
The ValidUntil indicates how long the SAML metadata is valid. This might be used, for example, as part of an automated system that retrieves new SAML metadata automatically based off the validity period. This is independent of any expiry date for signing or encryption certificates.