Signing Spring Security SAML2 request

How can I make Spring Security SAML2 sign the login request? This is my configuration:

spring.security.saml2.relyingparty.registration.shib.entity-id=https://myapp.host.edu/sp

spring.security.saml2.relyingparty.registration.shib.signing.credentials.certificate-location=classpath:credentials/saml-cert.pem
spring.security.saml2.relyingparty.registration.shib.signing.credentials.private-key-location=classpath:credentials/saml-key.pem

spring.security.saml2.relyingparty.registration.shib.assertingparty.metadata-uri=https://shib.host.edu/idp/shibboleth
spring.security.saml2.relyingparty.registration.shib.assertingparty.want-authn-requests-signed=true

I am using Spring Boot 3.1.1, which depends on Spring Security 6.1.1, which should contain a fix (https://github.com/spring-projects/spring-security/issues/12604) that makes the "want-authn-requests-signed" property functional. However, the requests are still not signed.

There are 0 answers
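
A way to confirm what the SP actually sends, as an added example that is not part of the original question: with the HTTP-Redirect binding the signature travels in the `SigAlg` and `Signature` query parameters rather than inside the XML, so this script inflates a captured login redirect and reports both places. The URL, request ID and signature bytes below are constructed samples, and the check covers presence only, not cryptographic validity.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # refuse to inflate more than this

def inspect_redirect(url):
    """Report whether a captured HTTP-Redirect AuthnRequest carries a signature."""
    params = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # Redirect binding uses raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DTD present")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        # Redirect binding: signature is carried in the query string
        "query_signature": "Signature" in params and "SigAlg" in params,
        "sig_alg": params.get("SigAlg", [None])[0],
        # POST binding style: enveloped ds:Signature inside the XML
        "embedded_signature": root.find(f"{{{DS_NS}}}Signature") is not None,
    }

def build_sample(signed):
    """Constructed sample redirect URL (placeholder host, ID and signature)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
           'Version="2.0" IssueInstant="2023-07-01T00:00:00Z" '
           'Destination="https://idp.example.org/sso"/>').encode()
    deflater = zlib.compressobj(wbits=-15)
    query = {"SAMLRequest": base64.b64encode(
        deflater.compress(xml) + deflater.flush()).decode()}
    if signed:
        query["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        query["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return "https://idp.example.org/sso?" + urlencode(query)

if __name__ == "__main__":
    for signed in (True, False):
        print(inspect_redirect(build_sample(signed)))
```

To use it on a real login attempt, pass the full `Location` URL of the redirect to the IdP (copied from the browser's network tab) to `inspect_redirect`.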