This repository has been archived by the owner on Nov 29, 2022. It is now read-only.

SES-45: Problematic logic regarding whether requests are signed #51

Closed
spring-projects-issues opened this issue Mar 27, 2010 · 3 comments
Labels
in: core An issue in spring-security-saml-core type: bug A general bug type: jira An issue that was migrated from JIRA

Comments

@spring-projects-issues

Rob Moore (Migrated from SES-45) said:

Currently the generated metadata states that requests will be signed. However, the code relies on the IDP's metadata to determine if the requests should be signed (see line 92 of WebSSOProfileImpl). This results in a case where Microsoft ADFS (formerly Geneva) rejects the request because it does not require authentication requests be signed as an IDP but enforces the SP's assertion that it will sign requests it sends to the IDP.

This can be worked around if the IDP is configured to require signed requests (http://social.msdn.microsoft.com/Forums/en/Geneva/thread/88394bb2-9dad-45fd-8dfa-60155d2af37c) but there may be instances where this kind of configuration isn't possible across the board (that is, there may be a mix of SP types -- some that support/require signing and some that do not).

I suggest that the SP's descriptor's value be used instead or that both descriptors be consulted to determine whether signing is required.

@spring-projects-issues

Rob Moore said:

Here's another case with a similar issue:

http://www.novell.com/support/viewContent.do?externalId=7005337&sliceId=1

@spring-projects-issues

Rob Moore said:

Change to sign requests if either the SP has stated it will sign them or if the IDP has requested that they be signed.

@spring-projects-issues

Vladimir Schäfer said:

Resolved by applying the supplied patch.

@spring-projects-issues spring-projects-issues added in: core An issue in spring-security-saml-core Closed type: bug A general bug type: jira An issue that was migrated from JIRA labels Feb 5, 2016
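
The signing rule this thread settles on, shown as an added example that is not code from the project or from the supplied patch: it reads the SAML metadata attributes `AuthnRequestsSigned` (SP) and `WantAuthnRequestsSigned` (IDP) from constructed metadata with the JDK's DOM parser and compares the IDP-only decision with the either-party decision. The class name, the `flag` helper and the entity IDs are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added illustration; class, helper and entity IDs are hypothetical, not from spring-security-saml.
public class SigningDecision {
    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String PROTO = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Constructed sample: the SP metadata states that its AuthnRequests are signed.
    static final String SP_XML =
        "<EntityDescriptor xmlns='" + MD_NS + "' entityID='https://sp.example.test'>"
        + "<SPSSODescriptor AuthnRequestsSigned='true' protocolSupportEnumeration='" + PROTO + "'/>"
        + "</EntityDescriptor>";
    // Constructed sample: the IDP metadata omits WantAuthnRequestsSigned (schema default: false).
    static final String IDP_XML =
        "<EntityDescriptor xmlns='" + MD_NS + "' entityID='https://idp.example.test'>"
        + "<IDPSSODescriptor protocolSupportEnumeration='" + PROTO + "'/>"
        + "</EntityDescriptor>";

    /** Reads an xs:boolean attribute from the first matching role descriptor; absent means false. */
    static boolean flag(String xml, String role, String attr) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata often comes from another party: refuse DOCTYPEs so no entities are processed.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList roles = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getElementsByTagNameNS(MD_NS, role);
        if (roles.getLength() == 0) throw new IllegalArgumentException("no " + role + " in metadata");
        String v = ((Element) roles.item(0)).getAttribute(attr).trim();
        return v.equals("true") || v.equals("1");
    }

    public static void main(String[] args) throws Exception {
        boolean spSigns = flag(SP_XML, "SPSSODescriptor", "AuthnRequestsSigned");
        boolean idpWants = flag(IDP_XML, "IDPSSODescriptor", "WantAuthnRequestsSigned");
        boolean idpOnlyRule = idpWants;            // decision taken from the IDP's metadata alone
        boolean eitherRule = spSigns || idpWants;  // sign if either party's metadata calls for it
        System.out.println("sign request (IDP metadata only): " + idpOnlyRule);
        System.out.println("sign request (SP or IDP metadata): " + eitherRule);
        if (spSigns && !idpOnlyRule) {
            System.out.println("MISMATCH: SP metadata promises signed requests, request would be unsigned");
        }
    }
}
```

With the sample metadata the IDP-only rule yields `false`, the either-party rule yields `true`, and the mismatch line is printed.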