I'm not sure, Bill. There are a number of different use cases, people should choose what
they want. Not sure if it is a good thing to force users to always use signatures.
If you want to provide good interoperability with other implementations, better to keep
these options.
I understand your point, but I don't think this would be appealing to your community
(and users from PL and other vendors).
Maybe you can just organize that UI better in order to make it simpler and avoid user
mistakes.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org, "Pedro Igor Silva" <psilva(a)redhat.com>
Sent: Wednesday, November 5, 2014 12:25:10 PM
Subject: SAML IDP defaults
I think there are too many configuration options for Keycloak SAML IDP
support. Don't you think it is safe to require that
1) IDP always signs SAML documents
2) Require SP to also always sign documents
#1 should definitely be a default and unchangeable. Can't the SP just
ignore it anyways? Not sure about #2.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com