New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Federation metadata is not signed #23

Open

AlistairDoswald opened this issue May 9, 2018 · 0 comments

Labels

AlistairDoswald commented May 9, 2018

From the WS-Fed protocol:

All metadata documents SHOULD be verified to ensure that the issuer can speak for the specified endpoint and that the metadata is what the issuer intended

Currently the metadata document provided is not signed. The relevent information on how to sign a metadata document can be found in the Signature property section of the protocol, and the XSDs for the WS-Fed federation metadata and the SAML 2.0 metadata

AlistairDoswald added the Security label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment