Skip to content

Set the AuthnRequestsSigned attribute in the Saml2 metadata filter #10614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
xpmatteo wants to merge 3 commits into from
Closed

Set the AuthnRequestsSigned attribute in the Saml2 metadata filter #10614

xpmatteo wants to merge 3 commits into from

Conversation

@xpmatteo
Copy link

@xpmatteo xpmatteo commented Dec 18, 2021

Previously, the AuthnRequestsSigned attribute was not set in the
metadata xml that is produced by the Saml2 metadata filter. As a
result, the maintainers of the IDP I had to register with were rejecting
our application.

Now, the attribute is always set, namely to "true" if the asserting
party wants signed authentication requests, and false otherwise. This
declares to the asserting party whether authentication requests will be
signed or not.

@xpmatteo-tw @xpmatteo
Set the AuthnRequestsSigned attribute in the Saml2 metadata filter
7d9e3d7 
Previously, the AuthnRequestsSigned attribute was not set in the
metadata xml that is produced by the Saml2 metadata filter.  As a
result, the maintainers of the IDP I had to register with were rejecting
our application.

Now, the attribute is always set, namely to "true" if the asserting
party wants signed authentication requests, and false otherwise. This
declares to the asserting party whether authentication requests will be
signed or not.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 18, 2021
@eleftherias eleftherias added in: saml2 An issue in SAML2 modules type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 21, 2021
@jzheaux
Copy link
Contributor

jzheaux commented Jan 14, 2022
edited
Loading

Hi, @xpmatteo. Thanks for the contribution.

While I see your intent, I don't think we want to assume RP metadata based on AP metadata. Whether or not an RP will sign AuthnRequests stands somewhat independent from whether or not an AP wants them signed.

Instead, what about adding a Converter method that allows the EntityDescriptor to be edited before getting serialized, e.g. setEntityDescriptorCustomizer(Consumer<EntityDescriptorParameters> entityDescriptor)? This would be similar to OpenSaml4AuthenticationRequestResolver#setAuthnRequestCustomizer.

@jzheaux jzheaux added the status: waiting-for-feedback We need additional information before we can continue label Jan 14, 2022
@jzheaux jzheaux mentioned this pull request Feb 15, 2022
Closed
@jzheaux
Copy link
Contributor

jzheaux commented Feb 15, 2022

Closed in favor of #10839

@jzheaux jzheaux closed this Feb 15, 2022
@jzheaux jzheaux added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-feedback We need additional information before we can continue labels Feb 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jzheaux jzheaux

Labels

in: saml2 An issue in SAML2 modules status: declined A suggestion or change that we don't feel we should currently apply type: enhancement A general enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@xpmatteo @jzheaux @eleftherias @marcusdacoregio @spring-projects-issues @xpmatteo-tw