SAML assertion signature validation with Shibboleth SP
Rathore, Rajendra
rarathore at ptc.com
Tue Nov 22 14:05:03 UTC 2022
Hi Scott,
We intercept the SAML assertion response using Burf tool and remove signature part from SAML assertion response and forward the same request, it will execute successfully by Shibboleth. If you want I can share more logs to you, please let me know if you need any additional logs.
Thanks and Regards,
Rajendra Rathore
9922701491
-----Original Message-----
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Tuesday, November 22, 2022 7:19 PM
To: Rathore, Rajendra <rarathore at ptc.com>; Shib Users <users at shibboleth.net>
Subject: Re: SAML assertion signature validation with Shibboleth SP
I don’t know what any of that is supposed to mean, but there is no way on earth that you are modifying a signed object and getting a Shibboleth SP to accept it unless what you're modifying isn't part of the signature.
-- Scott
More information about the users
mailing list