Re: [security-dev] How to configure ServiceProviderAuthenticator to do this ?

If your IdP is configured to support signatures and you send a unsigned AuthnRequest, it will allow you to authenticate. However, once you submit your credentials the IdP will process the AuthnRequest (which was previously stored) and it will fail because it is not signed. So the SAML response/assertion will never be sent to the SP. ----- Original Message ----- From: "Adam Dong" <adamdong(a)vidder.com&gt; Cc: security-dev(a)lists.jboss.org Sent: Thursday, October 16, 2014 12:54:13 PM Subject: [security-dev] How to configure ServiceProviderAuthenticator to do this ? To send AuthnRequest without signature (without signing), but can still verify the signature of assertion in the response ? Thanks, Adam _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev