django-saml2-auth
How can we pass our own certificate to decode the signed assertion?
I just want to know where to pass the .cert file or public key in your plugin.
Does this plugin support signed SAML responses? What does this line mean?
https://github.com/fangli/django-saml2-auth/blob/master/django_saml2_auth/views.py#L107
When a user goes to the signin endpoint, they should be redirected to a SAML IdP with a payload. This option indicates that the payload should not be signed.
Per the underlying pysaml2 docs, a keyfile is provided by including a key_file (private) and cert_file (public) entry at the top level of the config. Since django_saml2_auth doesn't offer a way to populate this entry, there's no way to provide a file for signature.
It should be possible, however, to clone the source code and modify it to accept a key_file and a cert_file. I'm integrating to an IdP (not run by my own organization) which seems to require a certificate. Anyone who has experience with this?
Can the signed assertion mentioned in this thread cause this? This module requires that the response is signed, but doesn't give the option to set the certificates to sign, wtf.
Yes. This module is "opinionated" insofar as it only supports the simplest use cases. I refactored the project to support modification using custom plugins (for example, custom metadata and signout redirection). This makes it easier to add functionality without having to incorporate the code into the base project.
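To make concrete what the thread says about pysaml2 (the key_file and cert_file entries belong at the top level of the SP config, and django-saml2-auth itself has no setting that populates them), here is an added example of building such a config directly. It is not code from django-saml2-auth or pysaml2; the helper names (check_pem_file, build_sp_config, demo), the example.test URLs and the placeholder PEM files are this example's own assumptions. One point worth keeping straight when reading the thread: key_file/cert_file are the SP's own keypair, used to sign AuthnRequests and decrypt assertions; the certificate pysaml2 uses to verify the IdP's signature on assertions comes from the IdP metadata you load, not from these two entries.

```python
"""Added example: a pysaml2 SP config with the SP's own key_file / cert_file at
the top level. Not django-saml2-auth or pysaml2 code; helper names are ours."""
import os
import tempfile

# Same value as saml2.BINDING_HTTP_POST; inlined so this runs without pysaml2.
BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

PEM_KEY_MARKERS = (
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
)
PEM_CERT_MARKERS = ("-----BEGIN CERTIFICATE-----",)


def check_pem_file(path, markers):
    """True if the file exists and its first line is one of the PEM markers.
    A wrong path or a DER/PKCS#12 file is the usual reason signing silently
    fails at runtime, so reject it before the config is ever loaded."""
    if not os.path.isfile(path):
        return False
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        first = fh.readline().strip()
    return first in markers


def build_sp_config(entity_id, acs_url, key_file, cert_file, idp_metadata_file,
                    xmlsec_binary="/usr/bin/xmlsec1"):
    """Return a pysaml2-style config dict.

    key_file / cert_file: the SP's own private key and public certificate
    (top-level entries, as the pysaml2 docs describe). They sign our
    AuthnRequests and decrypt encrypted assertions. The IdP's signing
    certificate is taken from idp_metadata_file, not from these entries."""
    if not check_pem_file(key_file, PEM_KEY_MARKERS):
        raise ValueError(f"key_file missing or not a PEM private key: {key_file}")
    if not check_pem_file(cert_file, PEM_CERT_MARKERS):
        raise ValueError(f"cert_file missing or not a PEM certificate: {cert_file}")
    return {
        "entityid": entity_id,
        "xmlsec_binary": xmlsec_binary,
        "key_file": key_file,
        "cert_file": cert_file,
        # IdP metadata (contains the IdP's signing cert) loaded from a local file.
        "metadata": {"local": [idp_metadata_file]},
        "service": {
            "sp": {
                "endpoints": {
                    "assertion_consumer_service": [(acs_url, BINDING_HTTP_POST)],
                },
                # Sign what we send, and refuse assertions the IdP did not sign.
                "authn_requests_signed": True,
                "want_assertions_signed": True,
            }
        },
    }


def demo():
    """Constructed sample input: placeholder PEM files (not real key material)
    written to a temp directory, then fed to build_sp_config."""
    d = tempfile.mkdtemp()
    key, cert, meta = (os.path.join(d, n) for n in ("sp.key", "sp.crt", "idp.xml"))
    with open(key, "w") as fh:
        fh.write("-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n")
    with open(cert, "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
    with open(meta, "w") as fh:
        fh.write("<EntitiesDescriptor/>")  # stand-in for real IdP metadata
    return build_sp_config(
        "https://sp.example.test/saml2_auth/metadata",
        "https://sp.example.test/saml2_auth/acs/",
        key, cert, meta,
    )


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The resulting dict is what you would hand to pysaml2's `saml2.config.SPConfig().load(...)`; with real key material in place, pysaml2 signs outgoing requests with key_file and verifies incoming assertions against the certificate found in the loaded IdP metadata.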