Ipsilon barfs (400 bad request) unless the AuthnRequest is signed, so that should be indicated in the metadata.
WantAuthnRequestsSigned = true
(see line 687, sec 2.4.3 of http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf )
Alternatively, that should be a configuration item whether or not signed requests are required.
In debug mode, an unsigned request gets the following error:
DEBUG(ipsilon/providers/common.py:50 InvalidRequest.__init__()): Invalid SAML Request: <lasso.Samlp2AuthnRequest object at 0x7f8f25806cd0> (DsSignatureNotFoundError() [u'PHN.....(snip)...dD4='])
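Added example (not part of the original ticket and not Ipsilon or lasso code): a pre-flight check showing how an SP reading IdP metadata interprets WantAuthnRequestsSigned, and why metadata that omits the attribute leads an SP to send an unsigned AuthnRequest. The metadata and request documents, entity IDs and function names below are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata prefer a hardened parser

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed samples: one IdP metadata document that omits the attribute,
# one that sets it, and an AuthnRequest with no ds:Signature child.
META_SILENT = ('<md:EntityDescriptor xmlns:md="%(md)s" entityID="https://idp.example.com/saml2">'
               '<md:IDPSSODescriptor protocolSupportEnumeration="%(samlp)s"/>'
               '</md:EntityDescriptor>') % NS
META_EXPLICIT = META_SILENT.replace(
    "<md:IDPSSODescriptor ", '<md:IDPSSODescriptor WantAuthnRequestsSigned="true" ')
UNSIGNED_REQUEST = ('<samlp:AuthnRequest xmlns:samlp="%(samlp)s" ID="_constructed1" '
                    'Version="2.0" IssueInstant="2015-01-01T00:00:00Z"/>') % NS

def idp_wants_signed_requests(metadata_xml):
    """Return the IdP's WantAuthnRequestsSigned value (optional; omitted means false)."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # xs:boolean accepts "true"/"1" and "false"/"0"
    return idp.get("WantAuthnRequestsSigned", "false").strip() in ("true", "1")

def request_has_enveloped_signature(authn_request_xml):
    """Check for the enveloped ds:Signature used with HTTP-POST.
    HTTP-Redirect carries the signature in the query string instead."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest")
    return root.find("ds:Signature", NS) is not None

def precheck(metadata_xml, authn_request_xml):
    """Classify a request against what the IdP metadata advertises."""
    wants = idp_wants_signed_requests(metadata_xml)
    signed = request_has_enveloped_signature(authn_request_xml)
    if signed:
        return "signed"
    # Unsigned: acceptable only if the metadata does not demand a signature.
    return "reject-expected" if wants else "unsigned-allowed-by-metadata"

if __name__ == "__main__":
    # Metadata silent: the SP has no reason to sign, yet a strict IdP answers 400.
    print(precheck(META_SILENT, UNSIGNED_REQUEST))
    # Metadata explicit: the mismatch is visible before the request is sent.
    print(precheck(META_EXPLICIT, UNSIGNED_REQUEST))
```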
The SP he was using was the SimpleSAMLphp SP.
Fields changed
milestone: => 1.1
Yeah, this is a clear bug in lasso. I've reported it to their upstream mailing list for now (at the moment moderated).
owner: => rcritten
rhbz: =>
status: new => accepted
https://pagure.io/ipsilon/pull-request/12
master: 63c1a25
resolution: => fixed
status: accepted => closed
rhbz: => 0
Metadata Update from @nkinder:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1
- Issue tagged with: saml