As an SP, Force IdP to Encrypt Response


mpopatia
As a service provider, is there any way to tell the IdP to encrypt their
response and maybe reject the response if it is not encrypted?

We are an SP and work with multiple IdPs and in the decoded SAML message, in
our DEBUG logs, we always get
<saml2:EncryptedAssertion>...</saml2:EncryptedAssertion> except for one IdP
which sends unencrypted data and the decoded SAML message contains
<saml2:Assertion>...</saml2:Assertion> directly. In this case, regardless of
the credentials in my <CredentialResolver>, I can see the attributes being
sent. Is there any way to tell the IdP that we expect them to encrypt the
data being sent?

Thanks.



--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Developers-f1660781.html
Re: As an SP, Force IdP to Encrypt Response

Cantor, Scott E.
If you're using the Shibboleth SP, this is more a question for users@, and the answer is no, I don't believe that's ever been included as an option. If you're not using the Shibboleth SP, it's not a topic for any of our lists.

-- Scott
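
Added example, not part of the thread and not Shibboleth code: since the reply says the SP has no such option, the policy the question asks for can be applied as a check on the decoded response XML. It assumes the deployer has the decoded message as text; the function name, error class and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


class EncryptionPolicyError(ValueError):
    """The decoded response does not satisfy the encrypted-assertion policy."""


def require_encrypted_assertions(response_xml: str) -> int:
    """Return the count of EncryptedAssertion elements, or raise.

    Rejects a response that carries any plaintext Assertion as a direct
    child, or that carries no EncryptedAssertion at all.
    """
    # ElementTree expands internal entities; SAML needs no DTD, so refuse one.
    if "<!DOCTYPE" in response_xml:
        raise EncryptionPolicyError("DTD not allowed in a SAML message")
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        raise EncryptionPolicyError(f"malformed XML: {exc}") from exc
    if root.tag != f"{{{SAMLP}}}Response":
        raise EncryptionPolicyError(f"unexpected root element: {root.tag}")
    plain = root.findall(f"{{{SAML}}}Assertion")
    encrypted = root.findall(f"{{{SAML}}}EncryptedAssertion")
    if plain:
        raise EncryptionPolicyError(f"{len(plain)} plaintext Assertion(s)")
    if not encrypted:
        raise EncryptionPolicyError("no EncryptedAssertion in response")
    return len(encrypted)


def sample_response(body: str) -> str:
    """Constructed sample: wrap a body in a minimal Response element."""
    return (f'<saml2p:Response xmlns:saml2p="{SAMLP}" '
            f'xmlns:saml2="{SAML}">{body}</saml2p:Response>')


ENCRYPTED = sample_response("<saml2:EncryptedAssertion/>")
PLAINTEXT = sample_response("<saml2:Assertion/>")
MIXED = sample_response("<saml2:EncryptedAssertion/><saml2:Assertion/>")

if __name__ == "__main__":
    for name, msg in [("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT), ("mixed", MIXED)]:
        try:
            print(name, "accepted,", require_encrypted_assertions(msg), "encrypted assertion(s)")
        except EncryptionPolicyError as err:
            print(name, "rejected:", err)
```

This is a policy check only; it does not validate signatures or decrypt anything.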

