#188 SimpleSAMLPHP option redirect.validate is unsupported
Closed: Invalid None Opened 3 years ago by rcritten.

This option configures whether logout requests and logout responses received from this IdP should be validated. The default is FALSE.

If set to TRUE it fails in SimpleSAMLPHP with:

    SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

    Backtrace:
    0 /var/simplesamlphp/www/module.php:179 (N/A)
    Caused by: SimpleSAML_Error_Exception: Validation of received messages enabled, but no signature found on message.
    Backtrace:
    2 /var/simplesamlphp/modules/saml/lib/Message.php:252 (sspmod_saml_Message::validateMessage)
    1 /var/simplesamlphp/modules/saml/www/sp/saml2-logout.php:38 (require)
    0 /var/simplesamlphp/www/module.php:134 (N/A)

Ok, I see. I needed to add this to the IdP metadata in metadata/saml20-idp-remote.php:

    'certificate'          => 'idp.pem',

And fetch idp.pem from the IdP in /var/lib/ipsilon/saml2 and put it into cert/idp.pem.

resolution: => invalid
status: new => closed
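
When troubleshooting redirect.validate, it helps to check whether a logout message received over the HTTP-Redirect binding carries a signature at all. The Python sketch below is an added example, not part of this ticket or of SimpleSAMLphp: it decodes a captured logout URL and reports the `Signature`/`SigAlg` query parameters. The hosts, URLs and message are constructed, and it reports presence only; it does not verify the signature against idp.pem.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
MAX_XML = 1 << 20  # refuse messages that inflate past 1 MiB

def inspect_redirect_message(url):
    """Decode a SAML HTTP-Redirect message and report whether it is signed."""
    query = parse_qs(urlsplit(url).query)
    name = next((n for n in ("SAMLRequest", "SAMLResponse") if n in query), None)
    if name is None:
        raise ValueError("no SAMLRequest or SAMLResponse parameter")
    # Redirect binding payload: base64 of a raw DEFLATE stream (no zlib header).
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(query[name][0]), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DOCTYPE present")
    root = ET.fromstring(xml)
    return {
        "message": root.tag.rsplit("}", 1)[-1],
        "issuer": root.findtext(SAML + "Issuer"),
        "sig_alg": query.get("SigAlg", [None])[0],
        # In this binding the signature travels as query parameters.
        "query_signature": "Signature" in query and "SigAlg" in query,
        "embedded_signature": root.find(DSIG + "Signature") is not None,
    }

def _deflate_b64(xml):
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

# Constructed sample data (not taken from the ticket).
SAMPLE_XML = (
    b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    b'Version="2.0" IssueInstant="2015-01-01T00:00:00Z">'
    b'<saml:Issuer>https://idp.example.test/idp/saml2/metadata</saml:Issuer>'
    b'</samlp:LogoutRequest>')
SP_URL = "https://sp.example.test/module.php/saml/sp/saml2-logout.php/default-sp?"
UNSIGNED = SP_URL + urlencode({"SAMLRequest": _deflate_b64(SAMPLE_XML)})
SIGNED = UNSIGNED + "&" + urlencode({
    "SigAlg": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "Signature": "Y29uc3RydWN0ZWQ="})  # placeholder bytes, not a real signature

if __name__ == "__main__":
    for label, url in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(label, inspect_redirect_message(url))
```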
