Difficulty setting WantAssertionsSigned in metadata.xml endpoint #306
Comments
A settings.security[:want_assertions_signed] could be added.

No, but can you?

I will add this to the pending tasks queue, but can't give you an ETA.
alex-wood added a commit to alex-wood/ruby-saml that referenced this issue Apr 26, 2016
* onelogin/master: Explicitly state Ruby 2.0.x support Related to PR SAML-Toolkits#269 Fix SAML-Toolkits#299 Fix SAML-Toolkits#306. Support WantAssertionsSigned Use settings.idp_cert_fingerprint_algorithm in idp_metadata_parser for fingerprint instead of SHA1 Implement binding parsing in idp_metadata_parser
kerlin added a commit to kerlin/rack-saml that referenced this issue Jun 21, 2022
Adding setting to agree with changes in ruby-saml 1.3.1 and later.
See SAML-Toolkits/ruby-saml#306 and SAML-Toolkits/ruby-saml@6c54131
Previously, settings.security[:want_assertions_signed] was set to true by ruby-saml/metadata.rb when the metadata.yml contained an idp certificate.
Now set in rack-saml.yml with want_assertions_signed: true
Also passing the setting :authn_requests_signed
ruby-saml tries to decide whether it should set `WantsAssertionsSigned` on [this line of code](https://github.com/onelogin/ruby-saml/blob/37368619bf04cfccad9634e79c98e5b9b38d980d/lib/onelogin/ruby-saml/metadata.rb#L33). However, the rub here is that it requires `idp_cert` to be set. If you are writing a SP that integrates with multiple IDPs, it doesn't really make sense for your metadata endpoint (which usually looks something like): to know anything about any IDPs at this point in the code flow. Can you let `saml-ruby` users just say whether they want incoming assertions signed?
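
A check an SP operator can run over the XML their own metadata endpoint returns, to confirm that the flag discussed in this issue is actually advertised. This is an added example, not code from ruby-saml or from anyone in the thread; the sample metadata, the `sp.example.test` URLs and the helper names are constructed for illustration. An omitted attribute is reported as false, which is the default the SAML metadata schema assigns to both flags.

```ruby
require "rexml/document"

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample SP metadata (placeholder entity ID and ACS URL).
# Pass nil to omit the WantAssertionsSigned attribute entirely.
def sample_sp_metadata(want_assertions_signed: nil)
  attr = want_assertions_signed.nil? ? "" : %( WantAssertionsSigned="#{want_assertions_signed}")
  <<~XML
    <md:EntityDescriptor xmlns:md="#{MD_NS}" entityID="https://sp.example.test/saml/metadata">
      <md:SPSSODescriptor AuthnRequestsSigned="false"#{attr}
          protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:AssertionConsumerService index="0"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://sp.example.test/saml/acs"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>
  XML
end

# xs:boolean accepts "true"/"1" and "false"/"0"; a missing attribute is false.
def xsd_true?(value)
  %w[true 1].include?(value.to_s.strip)
end

# Returns one hash per SPSSODescriptor with the effective signing flags.
def sp_signing_flags(xml)
  doc = REXML::Document.new(xml)
  descriptors = REXML::XPath.match(doc, "//md:SPSSODescriptor", "md" => MD_NS)
  raise ArgumentError, "no SPSSODescriptor found" if descriptors.empty?

  descriptors.map do |sp|
    {
      want_assertions_signed: xsd_true?(sp.attributes["WantAssertionsSigned"]),
      authn_requests_signed: xsd_true?(sp.attributes["AuthnRequestsSigned"]),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  [nil, true].each do |flag|
    puts "#{flag.inspect}: #{sp_signing_flags(sample_sp_metadata(want_assertions_signed: flag))}"
  end
end
```
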