Trey T
Reputation: 35
What's the use case for signed SAML IdP metadata?
Is having signed metadata useful in any way outside of the initial metadata exchange? What are the risks in skipping the signature the signature check?
Upvotes: 1
Views: 91
Answers (1)
Stefan Rasmusson
Reputation: 5595
This is only to secure the initial exchange. About the risks. Its recommended to secure the transport of thw meta data in some way to ensure trust. This is just one more alternative to ensure trust. If you trust the channel where the metadata is delivered, there is no need to sign
Upvotes: 1
Related Questions
- Spring Security SAML IdP Metadata Certificate and Signature
- How does a SAML Service Provider match an IDP metadata information?
- Why to configure SP generated metadata in SP and IDP?
- What is the purpose of a SAML Artifact?
- Spring security saml extension usable for IDP implementation
- SAML 2.0 SP metadata: Purpose and the use of certificate
- What is SAML metadata?
- How to configuration of IDP metadata and SP metadata in Spring Security SAML sample?
- How to add new idp metadata in spring-SAML at runtime
- SP metadata signing