Validating SAML signatures
Max Spicer
max.spicer at york.ac.uk
Mon Nov 29 13:16:38 UTC 2021
I'm having issues with an SP that is signing AuthnRequests with a different
key to the one that they advertise in their metadata. SSO is not currently
broken as we have the correct key in our local copy of their metadata - one
that they advertised several years ago. I'm trying to persuade the SP that
they are advertising the wrong key, but am struggling with this.

I have verified that our IdP successfully validates the signature in the
authn requests when it has the correct key, and fails when given the "new"
key. Can anyone recommend a tool / process to reproduce these results
outside of the IdP?

I have tried https://www.samltool.com/validate_authn_req.php but
unfortunately cannot get it to validate a signed authnrequest with the
correct key. Either the tool isn't working, or I don't know how to use it.

Thanks,

Max Spicer