-
Notifications
You must be signed in to change notification settings - Fork 474
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reference id not matching with documentElement id #863
Comments
Setting |
What did you get when testing over at https://www.samltool.com/online_tools.php? If you got it to work, what options did you select on their web page? |
@Kittenhunter If you ran into this problem due passport-saml upgrade from something to FWIW: Here is comment / quote how to configure Azure AD side:
source of aforementioned quote: #816 (comment) If you work also with ADFS see ADFS configuration tips from here: #840 (comment) Long list of similar issues:
|
Both Request and Response are valid. Do you have any other specific test in mind? |
The error comes not from upgrading of a previous version. |
@srd90 I've created a Wiki page that summarized this. Hopefully that will save you some time. Feel free to edit it, or let me know in an issue reply if you'd like some text added to it and I'll do it. https://github.com/node-saml/passport-saml/wiki/Common-Issues |
@cjbarth I was just logging in back to github in order to comment that maybe this "invalid signature thing" could / should be added to issue template 😄 Something like
or maybe a link from issue template to that wiki page that you created. Adding one more link to this issue's thread (just in case someone lands here with search engine or with github search): |
Thank you very much with your help. |
To Reproduce
Receiving this response from Azure AD:
When validating the signature, the documentElement of the SAML response is used and the reference id tries to match with the id of it. But they don't match, instead the reference id matches with the
<Assertion>
-Element id, thus successfully validating the signature is not possible.Expected behavior
Signature should validate successfully.
Environment
passport-saml
version: 4.0.4The text was updated successfully, but these errors were encountered: