From: D B. <ba...@aw...> - 2017-11-03 19:44:11
Hi! My Unity SAML SP authenticating against a Shibboleth IDP is almost working now :-) However, I still can't get Unity to sign the AuthnRequests.

This is my Unity SAML configuration:

    unity.saml.requester.defaultSignRequest=true
    unity.saml.requester.metadataSource=${CONF}/sp-metadata.xml
    unity.saml.requester.requesterEntityId=https://unity-service-provider
    unity.saml.requester.metadataSource.umsso.url=file:///etc/unity-idm/idp-metadata.xml
    unity.saml.requester.metadataSource.umsso.perMetadataTranslationProfile=MySAMLInputProfile
    unity.saml.requester.metadataPath=unity-sp
    unity.saml.requester.requesterCredential=MYCRED

So I'm configuring both SP and IDP via XML metadata files. The SP metadata XML contains this tag:

    <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

Because of AuthnRequestsSigned="true", the IDP expects signed AuthnRequests - but doesn't seem to get them. It complains in its logs when I try to log in:

    Message did not meet security requirements
    org.opensaml.ws.security.SecurityPolicyException: Inbound AuthnRequest was required to be signed but was not

How can I switch on AuthnRequest signing for the Unity SAML SP?

Thanks!
D
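A small diagnostic for the mismatch described in the post, added here as an example and not part of Unity or Shibboleth: it reads the AuthnRequestsSigned flag from the SP metadata and checks whether a captured AuthnRequest (an HTTP-Redirect URL or HTTP-POST XML) actually carries a signature, which is the same policy decision the IdP log line reports. The metadata, the request and the IdP URL are constructed samples.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def sp_requires_signed_requests(metadata_xml: str) -> bool:
    """True when the SP metadata advertises AuthnRequestsSigned="true"."""
    sso = ET.fromstring(metadata_xml).find(f".//{{{MD_NS}}}SPSSODescriptor")
    if sso is None:
        raise ValueError("metadata has no SPSSODescriptor")
    return sso.get("AuthnRequestsSigned", "false").lower() == "true"

def authn_request_is_signed(captured: str) -> bool:
    """Detect a signature on a captured AuthnRequest, either binding.
    HTTP-Redirect: SAMLRequest holds raw-DEFLATEd base64 XML and the signature
    travels in separate SigAlg/Signature query parameters; HTTP-POST: the XML
    itself carries an embedded ds:Signature child."""
    if captured.startswith("http"):
        qs = parse_qs(urlparse(captured).query)
        if "SAMLRequest" not in qs:
            raise ValueError("URL carries no SAMLRequest parameter")
        xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode()
        ET.fromstring(xml)  # fail loudly if the payload is not well-formed XML
        return "SigAlg" in qs and "Signature" in qs
    return ET.fromstring(captured).find(f"{{{DS_NS}}}Signature") is not None

def diagnose(metadata_xml: str, captured: str) -> str:
    """Mirror the IdP-side policy check: what metadata requires vs. what arrived."""
    required = sp_requires_signed_requests(metadata_xml)
    signed = authn_request_is_signed(captured)
    if required and not signed:
        return "MISMATCH: metadata requires signed AuthnRequests but this one is unsigned"
    return f"OK: signed={signed} required={required}"

# Constructed sample inputs (not real Unity or Shibboleth output).
SP_METADATA = ('<md:EntityDescriptor xmlns:md="%s" entityID="https://unity-service-provider">'
               '<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" '
               'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
               '</md:EntityDescriptor>' % MD_NS)
REQUEST_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
               'ID="_c1" Version="2.0" IssueInstant="2017-11-03T19:44:11Z"/>')
SIGNED_POST_XML = REQUEST_XML.replace("/>", f'><ds:Signature xmlns:ds="{DS_NS}"/></samlp:AuthnRequest>')

def unsigned_redirect_url(request_xml: str) -> str:
    """Encode an AuthnRequest as the HTTP-Redirect binding does, with no signature parameters."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    payload = comp.compress(request_xml.encode()) + comp.flush()
    return "https://idp.example.org/sso?SAMLRequest=" + quote(base64.b64encode(payload).decode())
```

Running diagnose() over a request captured from the browser tells you whether the SP is sending an unsigned request (a client-side configuration problem) before you go looking at the IdP's trust settings.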