Signature validation failing even though the request isn't signed
Wessel, Keith
kwessel at illinois.edu
Wed Dec 8 16:36:15 UTC 2021
Oops. Yep, sure enough. When I go to the parameters tab in SAML tracer, I see the signature parameter. Thanks; this clearly confirms that they're signing the request with a key for which I don't have the corresponding cert.
Thanks for pointing out the obvious for me, Scott.
Keith
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, December 8, 2021 10:28 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Signature validation failing even though the request isn't signed
You're forgetting the signature is on the URL, SAML Tracer won't show it.
-- Scott
--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!qhO6pS3bnMOPs_ys6CnWHuQzUK1EFyO_dUA4T7YeWq7jCU1w3IH7W8vjJLttHJ-_Cw$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list