OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [Shib-Users] shib2 sp + unsigned slo messages


On 9. des.2008, at 02:04, Scott Cantor wrote:

>> Is it possible to configure Shib 2.X SP to accept unsigned  
>> LogoutRequest
>> messages?
>
> I can't think of any reason why you would want to, and I wouldn't  
> advise anybody to try, but in theory if you create a Security Policy  
> with a NullSecurity rule:

Thanks...

> I haven't ever tried it, and I wouldn't expect anybody to do so.  
> Signing is a MUST with POST or Redirect SLO messages.

Yup, I know the profile doc says so. But I don't understand what  
threat you are protecting against when ensuring integrity of the  
LogoutRequest?

(I moved the question to saml-dev@oasis, because this is no longer  
shib related.)

-- 
Andreas Åkre Solberg
=andreas
http://rnd.feide.no



smime.p7s



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]