Skip to content

HTTP-Redirect: Missing Signature and SigAlg parameters in SAMLRequest Url (AuthNRequest) #89

Description

@seriouszyx

I'm using the latest gosaml2 and noticed that my identity provider (Keycloak) does not accept the signed AuthNRequest.

The reason is:

But it seems that the Redirect binding authUrl does not have SigAlg and Signature parameters, even though setting SignAuthnRequests to true and SPKeyStore to my own Keystore.

reference: spring-projects/spring-security#7711

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions