Comments (6)
That appears to use the proper xmldsig xmlns...
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
It's just using the xmldsig-more URIs for rsa-sha256 from RFC6931 to identify some extra algorithms that weren't defined in 2000/09/xmldsig. That spec added SHA256 among other things.
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
It's just a value of an attribute.
Most likely the problem is that SAML response has an assertion signature and not an envelope signature. I just use esaml directly, and there is an option to disable the requirement for envelope signature in the sp_config, I believe?
from esaml.
I see samly has an option you can put in config for your IDP: signed_envelopes_in_resp: false
That would probably fix it for you.
from esaml.
FYI, the way to tell an envelope signature from an assertion signature is where the <Signature /> tag is. If it's directly under <Response /> they call it an envelope signature. That signature would sign the entire XML doc. If it's directly under <Assertion /> it's an assertion signature, and only signs data under the <Assertion /> tag.
I've found envelope signatures the easiest to work with, but I'm guessing everyone has a different experience.
from esaml.
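The envelope/assertion distinction described in the comment above, as an added example that is not part of the original thread or of esaml/Samly: a Python diagnostic that reports where the signatures sit in a captured SAML response and whether each signature's Reference points at its own parent's ID. The sample response and all function names are constructed for illustration; the script does not verify the signature value.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 and XML-DSig namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: assertion signature only, no envelope signature.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_resp1">
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_assert1">
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <Reference URI="#_assert1" />
      </SignedInfo>
    </Signature>
  </Assertion>
</samlp:Response>"""

def signed_ref(elem):
    """ID referenced by a <Signature> that is a DIRECT child of elem, else None."""
    sig = elem.find("ds:Signature", NS)  # direct children only, not descendants
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    return uri[1:] if uri.startswith("#") else uri

def classify(xml_text):
    """Report signature placement in a captured SAML response (diagnostic only)."""
    resp = ET.fromstring(xml_text)
    if resp.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    result = {"envelope": False, "assertion": False, "mismatched_reference": False}
    targets = [("envelope", resp)]
    targets += [("assertion", a) for a in resp.findall("saml:Assertion", NS)]
    for kind, elem in targets:
        ref = signed_ref(elem)
        if ref is None:
            continue
        result[kind] = True
        # A signature should reference the ID of the element it sits under.
        if ref != elem.get("ID"):
            result["mismatched_reference"] = True
    return result

if __name__ == "__main__":
    print(classify(SAMPLE))
```

If the result shows only an assertion signature, the SP still has to verify that signature after the envelope requirement is turned off.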
Thanks, I'll try the samly option out tonight if I have a chance.
from esaml.
Sorry for the delayed response. Thanks @samterrell for pitching in.
If you are using Samly: signed_envelopes_in_resp: false
If you are using esaml: The esaml_sp record has idp_signs_envelopes field. Turn it off.
Can you please confirm if you are able to get past this? Just want to make sure that folks are able to use esaml/Samly with Azure.
Thanks.
from esaml.
Closing. Please reopen if needed.
from esaml.