In metadata, EntityDescriptor tag does not have Signature in it, how to include it? Skip to main content
https://support.okta.com/help/answers?id=9062a000000dffuqag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Pawel LisPawel Lis 

In metadata, EntityDescriptor tag does not have Signature in it, how to include it?

Python library djangosaml2 (which internally uses pysaml2) expects <Signature> to be inside <EntityDescriptor>, but metadata.xml does not contain any <Signature>. Is there a way to include it in the output?

http://www.datypic.com/sc/ds/e-ds_Signature.html
Best Answer chosen by Pawel Lis
Pawel LisPawel Lis
There is no way to have <Signature> in metadata, so one has to set "want_response_signed" to False in pysaml2 settings.

All Answers

Chris HancockChris Hancock (Okta, Inc.)
Hi Pawel,

Unfortunately there is not a way to include a signature within the metadata file export for a SAML application. With regards to PySAML I have not seen it specifically stated that the signature is required within the EntityDescriptor. 
http://pysaml2.readthedocs.io/en/latest/howto/config.html#howto-config 

However if you are experiencing an error with using the Okta metadata I would recommend raising a support ticket as this will allow us to investigate this in more detail. 

To log a ticket you may sign into https://support.okta.com/help and select Open a Case. 

Thanks,
Chris
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
Okta Help Center Team
Pawel LisPawel Lis
There is no way to have <Signature> in metadata, so one has to set "want_response_signed" to False in pysaml2 settings.
This was selected as the best answer