WebSSO Configuration - Add `Require signed assertions` and `Enable strict replay attack protection`
September 1st, 2025
Description
Added two new optional security settings to the WebSSO SAML configuration:
- `Require signed assertions` – enforces that the SAML assertion itself must be digitally signed. If the assertion is not signed, login attempts will be rejected.
- `Enable strict replay attack protection` – ensures that every login response matches a specific request issued by SmartRecruiters, preventing replay attacks. This option disables IdP-initiated logins.
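The checks the two settings describe, as an added illustration that is not SmartRecruiters code: a service-provider-side validator that rejects an unsigned assertion when `require_signed_assertions` is on, and under `strict_replay` only accepts a response whose `InResponseTo` matches an outstanding request ID that the SP itself issued, consuming the ID so the same response cannot be accepted twice. The sample responses are constructed, and the signature check only tests for the presence of an XML Signature block as a stand-in for full cryptographic verification.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def build_response(signed, in_response_to):
    """Constructed sample SAML Response (not a real IdP message).
    in_response_to=None models an unsolicited, IdP-initiated login."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>constructed'
           '</ds:SignatureValue></ds:Signature>' if signed else "")
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_resp1"{irt}>'
            f'<saml:Assertion ID="_a1">{sig}'
            '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
            '</saml:Assertion></samlp:Response>')


def validate_response(xml_text, issued_request_ids, require_signed_assertions, strict_replay):
    """Return (accepted, reason).

    issued_request_ids: set of AuthnRequest IDs this SP has sent and not yet
    consumed. A matched ID is removed, so a second response carrying the same
    InResponseTo is refused even though it is otherwise valid."""
    root = ET.fromstring(xml_text)
    assertion = root.find(f"{{{SAML}}}Assertion")
    if assertion is None:
        return False, "no assertion in response"

    # Setting 1: the assertion element itself must carry a signature.
    # Presence is checked here; a real deployment verifies the signature
    # against the IdP's certificate before trusting anything inside.
    if require_signed_assertions and assertion.find(f"{{{DS}}}Signature") is None:
        return False, "assertion not signed"

    # Setting 2: the response must answer a request this SP actually issued.
    # Unsolicited (IdP-initiated) responses have no InResponseTo and are
    # rejected, which is why enabling this option disables IdP-initiated login.
    if strict_replay:
        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            return False, "unsolicited (IdP-initiated) response rejected"
        if in_response_to not in issued_request_ids:
            return False, "InResponseTo does not match an outstanding request"
        issued_request_ids.discard(in_response_to)  # one-time use
    return True, "accepted"
```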
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations.
Both options are disabled by default for all existing configurations. Administrators can enable them as needed depending on their IdP setup and security requirements.