{
const EntityDescriptor* entity = role ? dynamic_cast<const EntityDescriptor*>(role->getParent()) : nullptr;
const PropertySet* relyingParty = application.getRelyingParty(entity);
- pair<bool,const char*> flag = relyingParty->getString("signing");
+ pair<bool,const char*> flag = getString("signing",
+ !getElement() || XMLString::equals(getElement()->getNamespaceURI(), shibspconstants::SHIB2SPCONFIG_NS) ? nullptr : m_configNS.get());
+ if (!flag.first)
+ flag = relyingParty->getString("signing");
if (SPConfig::shouldSignOrEncrypt(flag.first ? flag.second : defaultSigningProperty, destination, encoder.isUserAgentPresent())) {
CredentialResolver* credResolver = application.getCredentialResolver();
if (credResolver) {