I think there is too many configuration options for Keycloak SAML IDP
support. Don't you think it is safe to require that
1) IDP always signs SAML documents
2) Require SP to also always sign documents
#1 should definitely be a default and unchangable. Can't the SP just
ignore it anyways? Not sure about #2.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com