Ipsilon barfs (400 bad request) unless the AuthnRequest is signed, so that should be indicated in the metadata.
WantAuthnRequestsSigned = true
(see line 687, sec 2.4.3 of http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf)
Alternatively, that should be a configuration item whether or not signed requests are required.
In debug mode, an unsigned request gets the following error:
DEBUG(ipsilon/providers/common.py:50 InvalidRequest.__init__()): Invalid SAML Request: <lasso.Samlp2AuthnRequest object at 0x7f8f25806cd0> (DsSignatureNotFoundError() [u'PHN.....(snip)...dD4='])
The SP he was using was the SimpleSAMLphp SP.
milestone: => 1.1
Yeah, this is a clear bug in lasso. I've reported it to their upstream mailing list for now (at the moment moderated).
owner: => rcritten
status: new => accepted
resolution: => fixed
status: accepted => closed
rhbz: => 0
Metadata Update from @nkinder:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1
- Issue tagged with: saml
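An added example, not part of the ticket and not Ipsilon's code: a check that compares the IdP's `WantAuthnRequestsSigned` with the SP's `AuthnRequestsSigned` in SAML 2.0 metadata, which is where the mismatch reported above would show up. The function names and the metadata documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"


def xs_bool(value):
    """Parse an xs:boolean; both flags default to false when omitted."""
    if value is None:
        return False
    value = value.strip()
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError("not an xs:boolean: %r" % value)


def signing_flag(metadata_xml, descriptor, attribute):
    """Read a boolean attribute from the first matching role descriptor."""
    root = ET.fromstring(metadata_xml)
    node = next(root.iter("{%s}%s" % (MD, descriptor)), None)
    if node is None:
        raise ValueError("no %s in metadata" % descriptor)
    return xs_bool(node.get(attribute))


def check_pair(idp_xml, sp_xml):
    """Compare what the IdP advertises with what the SP says it sends."""
    wants = signing_flag(idp_xml, "IDPSSODescriptor", "WantAuthnRequestsSigned")
    signs = signing_flag(sp_xml, "SPSSODescriptor", "AuthnRequestsSigned")
    if signs:
        return "ok"            # signed requests satisfy either IdP setting
    if wants:
        return "mismatch"      # IdP will reject this SP's unsigned requests
    # Metadata permits unsigned requests; an IdP that still rejects them
    # contradicts its own metadata (the situation reported in this ticket).
    return "unsigned-advertised"


def sample(descriptor, attrs=""):
    """Constructed metadata for the demo; not taken from a real deployment."""
    return ('<md:EntityDescriptor xmlns:md="%s" entityID="https://example.test/md">'
            '<md:%s %s protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
            '</md:EntityDescriptor>' % (MD, descriptor, attrs))


if __name__ == "__main__":
    sp = sample("SPSSODescriptor", 'AuthnRequestsSigned="false"')
    print(check_pair(sample("IDPSSODescriptor"), sp))
    print(check_pair(sample("IDPSSODescriptor", 'WantAuthnRequestsSigned="true"'), sp))
```

The `unsigned-advertised` result cannot by itself show that the IdP rejects unsigned requests; it only shows that the metadata gives an SP no reason to sign.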