
fix: improve SAML signature validation for redirect binding

Open gsaandy opened this issue 9 months ago • 7 comments

This resolves the merge conflicts in https://github.com/crewjam/saml/pull/449

In addition to the changes mentioned in the above PR, it also fixes the following:

  • Removes the signature validation using SAMLResponse payload for HTTP-Redirect binding
  • Fix the Signature validation failures for ADFS because of decode/encode while reconstructing the sign data
  • fix: add missing Signature and SigAlg query params with single logout HTTP-Redirect binding request

Tested single logout with Okta and Microsoft Entra ID (Azure AD).

gsaandy avatar May 17 '25 22:05 gsaandy
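An added example for the decode/encode item in the description above (not code from this PR or from crewjam/saml): in the HTTP-Redirect binding the signature covers the query values as they were URL-encoded on the wire, so rebuilding the signed data from decoded values can change the bytes. The function names and the sample query are hypothetical and constructed, and the sender is assumed to emit lowercase percent-escapes.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample query; the sender is assumed to use lowercase percent-escapes.
const sampleQuery = "SAMLResponse=fZJ%2bA%3d%3d&RelayState=%2fapp" +
	"&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256&Signature=c2ln"

// signedDataRaw rebuilds the signed octets, keeping each value byte-for-byte as sent.
func signedDataRaw(rawQuery string) (string, error) {
	raw := map[string]string{}
	for _, pair := range strings.Split(rawQuery, "&") {
		k, v, _ := strings.Cut(pair, "=")
		if _, dup := raw[k]; dup {
			return "", fmt.Errorf("duplicate parameter %q", k)
		}
		raw[k] = v
	}
	_, isReq := raw["SAMLRequest"]
	_, isResp := raw["SAMLResponse"]
	if isReq == isResp || raw["SigAlg"] == "" {
		return "", fmt.Errorf("need exactly one SAML message and a SigAlg")
	}
	msg := "SAMLResponse"
	if isReq {
		msg = "SAMLRequest"
	}
	out := msg + "=" + raw[msg]
	if rs, ok := raw["RelayState"]; ok {
		out += "&RelayState=" + rs
	}
	return out + "&SigAlg=" + raw["SigAlg"], nil
}

// signedDataReencoded is the fragile variant: url.QueryEscape emits uppercase hex.
func signedDataReencoded(rawQuery string) string {
	q, _ := url.ParseQuery(rawQuery)
	return "SAMLResponse=" + url.QueryEscape(q.Get("SAMLResponse")) +
		"&RelayState=" + url.QueryEscape(q.Get("RelayState")) +
		"&SigAlg=" + url.QueryEscape(q.Get("SigAlg"))
}

func main() {
	fmt.Println(signedDataRaw(sampleQuery))
	fmt.Println(signedDataReencoded(sampleQuery))
}
```

The two outputs decode to the same values but differ as byte strings, so a signature computed over the first does not verify over the second.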

Review please @crewjam @andreas-kupries @Jguer @omerkarj

gsaandy avatar May 17 '25 22:05 gsaandy

@crewjam - just wondering if you’ve had a chance to take a look at this PR. I'm happy to help with any changes needed to get it fixed and merged

gsaandy avatar May 20 '25 15:05 gsaandy

@crewjam - just wondering if you’ve had a chance to take a look at this PR. I'm happy to help with any changes needed to get it fixed and merged

Hello @crewjam - Any chance this can be reviewed?

gsaandy avatar May 24 '25 20:05 gsaandy

@crewjam - could you help to review this PR?

gsaandy avatar Jun 07 '25 11:06 gsaandy

Any ETA on this?

Lumengrid avatar Jun 18 '25 08:06 Lumengrid

@crewjam - could you help to review this?

gsaandy avatar Jun 21 '25 11:06 gsaandy

Hello @crewjam, it's been about two months with no response on this PR. Just checking in - wondering if the repo is still actively maintained?

gsaandy avatar Jul 11 '25 08:07 gsaandy