Hi All, Pardon me if this is not the right place to ask this kind of question. I’ve been struggling to get the WSO2 Identity Server setup correctly to use SAML for the last couple weeks and have hit a new wall.
I have a single service provider with SAML inbound authentication configured. I have the "Enable Signature Validation in Authentication Requests and Logout Requests” checkbox checked. And so, if I send an AuthnRequest that is not properly signed, it will error. However, if I send a LogoutRequest with no signature (or with a signature made from a completely different cert/key), it will log my user out without error. How can I enable actual signature validation WSO2 IS? Cheers, -MacRae Linton TrussWorks _______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
