[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Tech Overview outstanding issues
On 10/6/06, Philpott, Robert <rphilpott@rsasecurity.com> wrote: > Ummm... just after the Issuer element of the samlp:Response, the example > says: > <!-- a POSTed response MUST be signed --> > > When using the POST binding with the SSO profile, it isn't the > samlp:Response that must be signed. Per Profiles section 4.1.4.5, it is > the enclosed saml:Assertion that must be signed. Yes, Rob, that appears to be the case. Thanks for pointing that out. I'll fix it on my end. Tom Scavo NCSA/University of Illinois
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]