Allow SP config force signature validation

Zogoo · Jul 24, 2024 · db81230 · db81230
1 parent 3e58ea2
commit db81230
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/lib/saml_idp/request.rb b/lib/saml_idp/request.rb
@@ -130,11 +130,8 @@ def valid_signature?
       # Force signatures for logout requests because there is no other protection against a cross-site DoS.
       # Validate signature when metadata specify AuthnRequest should be signed
       metadata = service_provider.current_metadata
-      if logout_request? || authn_request? && metadata.respond_to?(:sign_authn_request?) && metadata.sign_authn_request?
-        document.valid_signature?(service_provider.cert, service_provider.fingerprint)
-      else
-        true
-      end
+      require_signature = logout_request? || authn_request? && metadata.respond_to?(:sign_authn_request?) && metadata.sign_authn_request?
+      service_provider.validate_signature?(document, require_signature)
     end
 
     def valid_external_signature?