Fix response and assertion signing defaults - SC-116
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 10 Nov 2010 17:23:44 +0000 (17:23 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 10 Nov 2010 17:23:44 +0000 (17:23 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2963 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/installer/resources/conf-tmpl/relying-party.xml

index 94d3865..9477860 100644 (file)
@@ -57,8 +57,8 @@
                               includeAttributeStatement="true"
                               assertionLifetime="PT5M"
                               assertionProxyCount="0" 
                               includeAttributeStatement="true"
                               assertionLifetime="PT5M"
                               assertionProxyCount="0" 
-                              signResponses="conditional"
-                              signAssertions="never" 
+                              signResponses="never"
+                              signAssertions="always" 
                               encryptAssertions="conditional"
                               encryptNameIds="never" />
         
                               encryptAssertions="conditional"
                               encryptNameIds="never" />
         
@@ -71,8 +71,8 @@
                               encryptNameIds="never" />
         
         <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
                               encryptNameIds="never" />
         
         <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
-                              signResponses="conditional"
-                              signAssertions="never"
+                              signResponses="never"
+                              signAssertions="always"
                               encryptAssertions="conditional"
                               encryptNameIds="never"/>
         
                               encryptAssertions="conditional"
                               encryptNameIds="never"/>