+xHi Fabio, The CreateConfiguration example creates local identity provider or service provider configuration. The two flags you refer to are part of the partner provider configuration in saml.config as these may vary from one partner provider to another. For example, you might sign authn requests sent to one partner identity provider but not the other. The AuthnRequestsSigned would correspond to the <PartnerIdentityProvider> SignAuthnRequest flag. The WantAssertionsSIgned would correspond to the <PartnerIdentityProvider> WantAssertionSigned flag. However, please note that there's a WantAssertionOrResponseSigned flag that defaults to true. Generally it's simply to expect either the SAML response or assertion to be signed rather than being specific. Also, did you mean "Assertion Consumer Service Endpoint" rather than "Attribute Consumer Service Endpoint"? Hi! yes, the label was incorrect: the right one is "Assertion Consumer Service Endpoint". Now, I think i don't have a correct idea of how the configuration works: the differences between local SP (since we are implementing an SP) and Partner service provider. I'll try to explain our need better. We have a SP (our app) and i want to configure it trough the saml.config. Let's say an initial configuration where we only define enpoints for SSO and SLO of our SP. For this, i wanted to use your CreateConfiguration example as a guide. After that, using the partner Idp metadata, we need to include those information into this, just created, saml.config. We also need to export our metadata to share with the Idp.. so, basically, create it from our saml.config and give it to the idp so that it can include those into its own configurations. Since AuthnRequestsSigned and WantAssertionsSIgned are SP configurations, why do i should use a partner SP to configure them? Thank you Fabio
|