Validate signature in identity provider configuration not working properly.

Solution Verified - Updated -

Issue

  • Validate Signature in the identity provider configuration in RHSSO is not working as expected.
  • There are two RHSSO instances in different environments, where one (let’s call it Alice) acts as the Identity Provider for the other (Boris). Boris is configured to have Alice as its SAML Identity Provider, while Alice lists Boris as one of its SAML clients.
    In Alice, Sign Documents and Sign assertions are set to FALSE. In Boris, Validate Signature is set to TRUE and Want Assertions signed is set to FALSE.
    In this case, the SAML response from Alice is accepted by Boris, even though Boris is supposed to validate a signature.
    Checking the SAML response issued by Alice revealed that no signature was present in the document.
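
The check described in the last step (looking for a signature in the SAML response issued by Alice) can be scripted. The following is an added example, not Red Hat's code: the function names are hypothetical, the sample message is constructed, and it assumes a base64-encoded `SAMLResponse` value captured from the HTTP POST binding.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_report(saml_response_b64):
    """Locate ds:Signature elements in a SAMLResponse (presence only, no crypto check)."""
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw:  # SAML messages never need a DTD
        raise ValueError("DOCTYPE not expected in a SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response document")
    # Direct children only: a signature nested elsewhere does not cover
    # the Response or the Assertion itself.
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(
            a.find("ds:Signature", NS) is not None for a in assertions),
        "encrypted": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def verdict(report):
    if report["response_signed"] or report["assertions_signed"]:
        return "signature present"
    if report["encrypted"]:
        return "unknown: assertion encrypted, signature may be inside"
    return "unsigned"

def sample_response(response_sig=False, assertion_sig=False):
    """Constructed sample; the empty ds:Signature is only a placeholder."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
        % (NS["samlp"], NS["saml"])
        + (sig if response_sig else "")
        + '<saml:Assertion ID="_a1" Version="2.0">'
        + (sig if assertion_sig else "")
        + "<saml:Subject/></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()
```

A verdict of `unsigned` for a response that Boris accepted matches the behaviour reported in this issue.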

Environment

  • Red Hat Single Sign-On (RHSSO)
    • All versions
