Skip to content

Add MellonSignAuthnRequest directive for AuthnRequest signing#159

Open
sensei-hacker wants to merge 1 commit into
latchset:mainfrom
sensei-hacker:feature/sign-authn-request
Open

Add MellonSignAuthnRequest directive for AuthnRequest signing#159
sensei-hacker wants to merge 1 commit into
latchset:mainfrom
sensei-hacker:feature/sign-authn-request

Conversation

@sensei-hacker

Copy link
Copy Markdown

The metadata generated by the script says that Authn requests will be signed. But then they normally aren't.

Adds a new (optional) directive:
MellonSignAuthnRequest on|off

(default off) that sets LASSO_PROFILE_SIGNATURE_HINT_FORCE before building the AuthnRequest. This is needed for IdPs such as PingOne that require signed requests when consent:Implied is present, even though this is not mandated by the SAML spec. Does not affect the existing ECP signing path.

Adds a new 'MellonSignAuthnRequest on|off' config directive (default off)
that sets LASSO_PROFILE_SIGNATURE_HINT_FORCE before building the AuthnRequest.
This is needed for IdPs such as PingOne that require signed requests when
consent:Implied is present, even though this is not mandated by the SAML spec.
Does not affect the existing ECP signing path.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant