You do not necessarily provide SP Metadata to your IdP, it's optional. If you really have to implement this you need to create the metadata.xml and make it (publicly) available to your IdP. The important part is that you can reach your IdP's metadata.xml and this URL has to be entered as value for the "saml-idp-metadata-url" key.
The parameter to only accept signed SamlResponses is "saml-strict: true" in your guacamole.properties file, it's up to the SP to decide if it accepts signed or unsigned responses from the IdP. As ACS URL you can tell your IdP to use the FQDN of Guacamole like a user accessing your guacamole instance would type it. Regards, Simon Müller -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
