#136 SAMLv2: WantAuthnRequestsSigned = true
Closed: Fixed None Opened 5 years ago by tommythekid.

Ipsilon barfs (400 bad request) unless the AuthnRequest is signed, so that should be indicated in the metadata.

WantAuthnRequestsSigned = true

(see line 687, sec 2.4.3 of http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf )

Alternatively, that should be a configuration item whether or not signed requests are required.

In debug mode, an unsigned request gets the following error:

DEBUG(ipsilon/providers/common.py:50 InvalidRequest.__init__()): Invalid SAML Request: <lasso.Samlp2AuthnRequest object at 0x7f8f25806cd0> (DsSignatureNotFoundError() [u'PHN.....(snip)...dD4='])

The SP he was using was the SimpleSAMLphp SP
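
The mismatch reported above can be checked from the metadata alone. The following is an added example, not part of the original ticket or Ipsilon's code: it reads the `WantAuthnRequestsSigned` flag from an IdP's `IDPSSODescriptor` and the `AuthnRequestsSigned` flag from an SP's `SPSSODescriptor`, then compares them with what the IdP actually enforces. The function names, entity IDs and metadata snippets are constructed for illustration, and `idp_enforces_signing` is an assumption supplied by the operator.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def xs_boolean(value):
    """Parse an xs:boolean; the metadata spec treats an omitted flag as false."""
    if value is None:
        return False
    if value.strip() in ("true", "1"):
        return True
    if value.strip() in ("false", "0"):
        return False
    raise ValueError("not an xs:boolean: %r" % value)

def role_flags(metadata_xml, role, attr):
    """Return {entityID: flag} for each `role` descriptor found in the metadata."""
    root = ET.fromstring(metadata_xml)
    return {
        entity.get("entityID"): xs_boolean(desc.get(attr))
        for entity in root.iter(MD + "EntityDescriptor")  # iter() includes the root
        for desc in entity.findall(MD + role)
    }

def audit(idp_xml, sp_xml, idp_enforces_signing):
    """List mismatches between advertised flags and what the IdP enforces."""
    findings = []
    for idp, wants in role_flags(idp_xml, "IDPSSODescriptor", "WantAuthnRequestsSigned").items():
        if idp_enforces_signing and not wants:
            findings.append("%s rejects unsigned requests but does not advertise WantAuthnRequestsSigned" % idp)
    for sp, signs in role_flags(sp_xml, "SPSSODescriptor", "AuthnRequestsSigned").items():
        if idp_enforces_signing and not signs:
            findings.append("%s does not declare AuthnRequestsSigned; unsigned requests from it will be refused" % sp)
    return findings

# Constructed metadata (hypothetical entity IDs; certificates and endpoints omitted).
NS = 'xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
IDP_BEFORE = ('<md:EntityDescriptor %s entityID="https://idp.example.test/saml2/metadata">'
              '<md:IDPSSODescriptor %s/></md:EntityDescriptor>' % (NS, PROTO))
IDP_AFTER = IDP_BEFORE.replace("<md:IDPSSODescriptor ", '<md:IDPSSODescriptor WantAuthnRequestsSigned="true" ')
SP = ('<md:EntityDescriptor %s entityID="https://sp.example.test/metadata">'
      '<md:SPSSODescriptor %s/></md:EntityDescriptor>' % (NS, PROTO))

if __name__ == "__main__":
    for line in audit(IDP_BEFORE, SP, idp_enforces_signing=True):
        print(line)
```

With `IDP_AFTER` the first finding disappears, and the remaining one points at the SP configuration that still needs request signing enabled.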

Fields changed

milestone: => 1.1

Yeah, this is a clear bug in lasso. I've reported it to their upstream mailing list for now (at the moment moderated).

owner: => rcritten
rhbz: =>
status: new => accepted

master: 63c1a25

resolution: => fixed
status: accepted => closed

Fields changed

rhbz: => 0

Metadata Update from @nkinder:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1
- Issue tagged with: saml

3 years ago
