How to add signature on AuthnRequest
Hello, I’m trying to add a signature to my AuthnRequest. I’ve tried to add some configuration to SamlStrategy, but nothing happens on the AuthnRequest XML. Do I need to use another module like XML-Crypto? If yes, how?
This is the configuration for the Strategy:
passport: {
  strategy: 'saml',
  saml: {
    entryPoint: 'https://idp.idp.it/samlsso',
    issuer: 'http://111.111.11.111:8000',
    callbackUrl: 'http://111.111.11.111:8000/login/callback',
    identifierFormat: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
    decryptionPvk: fs.readFileSync('./config/saml.key'),
    cert: 'MII....Q==',
    validateInResponseTo: true,
    authnContext: 'urn:oasis:names:tc:SAML:2.0:ac:classes:name1',
    protocol: 'http://',
    attributeConsumingServiceIndex: 0
  }
}
This is how I route the login request, but I don’t know how to add a signature to it:
app.get("/login",
  passport.authenticate(config.passport.strategy, {
    successRedirect: "/",
    failureRedirect: "/login",
  })
);
app.post('/login/callback',
  passport.authenticate(config.passport.strategy, {
    failureRedirect: '/',
    failureFlash: true
  }),
  function(req, res) {
    res.redirect('/');
  }
);
This is the SAML AuthnRequest XML:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_6eefdebac845aec3b311"
    Version="2.0"
    IssueInstant="2015-03-30T09:47:12.835Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://111.111.11.111:8000/login/callback"
    Destination="https://idp.idp.it/samlsso"
>
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://111.111.11.111:8000</saml:Issuer>
  <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      AllowCreate="true"
  />
  <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      Comparison="exact"
  >
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:name1</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Issue Analytics
- State:
- Created 8 years ago
- Comments:5 (1 by maintainers)
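Added example, not code from the original issue or from passport-saml: in the SAML 2.0 HTTP-Redirect binding (Bindings, section 3.4.4.1) a request signature is not embedded in the AuthnRequest XML; it is computed over the query string and sent as the SigAlg and Signature parameters, so the XML looks the same signed or unsigned. The function names signRedirect and verifyRedirect, the throwaway key pair and the shortened sample request are constructed for illustration.

```javascript
// Added example (not passport-saml code): HTTP-Redirect binding signature
// per SAML 2.0 Bindings section 3.4.4.1, using only Node's standard library.
const crypto = require('crypto');
const zlib = require('zlib');

const SIG_ALG = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';

// Constructed, shortened AuthnRequest using values from the post above.
const SAMPLE_XML =
  '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'ID="_6eefdebac845aec3b311" Version="2.0" ' +
  'IssueInstant="2015-03-30T09:47:12.835Z" ' +
  'Destination="https://idp.idp.it/samlsso"/>';

// SP side: DEFLATE + base64 the XML, then sign the exact octet string
// "SAMLRequest=..[&RelayState=..]&SigAlg=.." and append Signature last.
function signRedirect(xml, privateKey, relayState) {
  const deflated = zlib.deflateRawSync(Buffer.from(xml, 'utf8'));
  const parts = ['SAMLRequest=' + encodeURIComponent(deflated.toString('base64'))];
  if (relayState) parts.push('RelayState=' + encodeURIComponent(relayState));
  parts.push('SigAlg=' + encodeURIComponent(SIG_ALG));
  const signed = parts.join('&');
  const sig = crypto.sign('sha256', Buffer.from(signed), privateKey);
  return signed + '&Signature=' + encodeURIComponent(sig.toString('base64'));
}

// IdP side: verify over the raw query string as received (no re-encoding),
// accept only the expected SigAlg, and inflate the XML only after that.
// Simplification: Signature is assumed to be the last parameter.
function verifyRedirect(query, publicKey) {
  const idx = query.lastIndexOf('&Signature=');
  if (idx < 0) return { valid: false, reason: 'unsigned' };
  const signed = query.slice(0, idx);
  const params = new URLSearchParams(query);
  if (params.get('SigAlg') !== SIG_ALG) return { valid: false, reason: 'SigAlg' };
  const sig = Buffer.from(params.get('Signature'), 'base64');
  if (!crypto.verify('sha256', Buffer.from(signed), publicKey, sig)) {
    return { valid: false, reason: 'signature' };
  }
  const xml = zlib.inflateRawSync(Buffer.from(params.get('SAMLRequest'), 'base64'));
  return { valid: true, xml: xml.toString('utf8') };
}

// Throwaway key pair standing in for the SP signing key and its certificate.
const { privateKey, publicKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const query = signRedirect(SAMPLE_XML, privateKey, '/');
console.log(verifyRedirect(query, publicKey).valid);
```

Embedding the signature inside the XML itself (HTTP-POST binding for the request) is a different mechanism, an enveloped XML-DSig signature, which this block does not cover.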
Sorry, man. This was 4 years ago, impossible to remember
Hi, I am also looking to add a signature to the authn request rather than as a query param. How did you solve it?