diff options
| author | Scott Koranda <skoranda@gmail.com> | 2017-12-27 15:08:28 -0600 |
|---|---|---|
| committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-11-21 17:36:02 +0200 |
| commit | 23fe5142709a0894b02b166a84dcead945b0c93e (patch) | |
| tree | c0b190173261080637bdd434ebf0458dd4ff1d80 /docs | |
| parent | 40a3699ef25a514b4a2ba7bf1ce2a0cdb3428abf (diff) | |
| download | pysaml2-23fe5142709a0894b02b166a84dcead945b0c93e.tar.gz | |
Add want_assertions_or_response_signed functionality
Add the ability to configure an SP to require either a signed response
or signed assertions.
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/howto/config.rst | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/docs/howto/config.rst b/docs/howto/config.rst index 21d04af1..ee4e403f 100644 --- a/docs/howto/config.rst +++ b/docs/howto/config.rst @@ -624,6 +624,33 @@ Example:: } } +want_assertions_or_response_signed +"""""""""""""""""""" + +Indicates that *either* the Authentication Response *or* the assertions +contained within the response to this SP must be signed. + +Valid values are True or False. Default value is False. + +This configuration directive **does not** override ``want_response_signed`` +or ``want_assertions_signed``. For example, if ``want_response_signed`` is True +and the Authentication Response is not signed an exception will be thrown +regardless of the value for this configuration directive. + +Thus to configure the SP to accept either a signed response or signed assertions +set ``want_response_signed`` and ``want_assertions_signed`` both to False and +this directive to True. + +Example:: + + "service": { + "sp": { + "want_response_signed": False, + "want_assertions_signed": False, + "want_assertions_or_response_signed": True + } + } + idp/aa/sp ^^^^^^^^^ |