[BUG] Assertions not in the request

[turbatuandrei]

Describe the bug
When activating either of:

ckanext.saml2auth.want_assertions_signed
ckanext.saml2auth.want_assertions_or_response_signed

The signature is not included in the request.

ckanext-saml2auth version affected
v1.1.1

Expected behaviour
Signature is expected to be applied to the request.

[mbocevski]

The want_assertions_signed, want_response_signed and want_assertions_or_response_signed are parameters that are valid for the responses from the IDp: https://pysaml2.readthedocs.io/en/latest/howto/config.html#want-assertions-signed. What those configuration options mean is that the SP (in this case the CKAN acs) wants assertions or responses to be signed by the IDp in the SAML2 response.

If you want requests to be signed, then this parameter is what you need to set: https://pysaml2.readthedocs.io/en/latest/howto/config.html#authn-requests-signed. Note that this is true by default. So you need to have the key and cert configured through these options:

• ckanext.saml2auth.key_file_path
• ckanext.saml2auth.cert_file_path

[turbatuandrei]

Thanks for the info, added authn_requests_signed: True to the config dict and all seems to work fine.

[FuhuXia]

@mbocevski Does this means that the requests are not signed by default?
@turbatuandrei Where do you add the authn_requests_signed: True?