Alistair Young wrote:
> Do the SPs in the federation require signed assertions from the AA?
> Can't see anything in the metadata about it.
No, signed assertions are not required over the SP/AA connection unless
the SP's metadata says so. The SP/AA connection is mutually
authenticated by TLS with certificates presented by both ends, so
there's generally no need to pay the (substantial) cost of the extra
cryptography.
Only one SP entity currently requests signed assertions via the
metadata; it's a grid-related service so it may not be relevant to you.
-- Ian
|