SAML assertion signature validation with Shibboleth SP
rarathore at ptc.com
Tue Nov 22 14:05:03 UTC 2022
We intercept the SAML assertion response using Burf tool and remove signature part from SAML assertion response and forward the same request, it will execute successfully by Shibboleth. If you want I can share more logs to you, please let me know if you need any additional logs.
Thanks and Regards,
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Tuesday, November 22, 2022 7:19 PM
To: Rathore, Rajendra <rarathore at ptc.com>; Shib Users <users at shibboleth.net>
Subject: Re: SAML assertion signature validation with Shibboleth SP
I don’t know what any of that is supposed to mean, but there is no way on earth that you are modifying a signed object and getting a Shibboleth SP to accept it unless what you're modifying isn't part of the signature.
More information about the users