By default we expect either the SAML response or SAML assertion to be signed. This is the WantAssertionOrResponseSigned configuration flag which defaults to true. We use the configured PartnerCertificate to perform the signature verification. If the signature fails to verify, an exception is thrown. The WantSamlResponseSigned flag specifies that the SAML response must be signed and the signature must verify. The WantAssertionSigned flag specifies that the SAML assertion must be signed and the signature must verify. If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post. https://www.componentspace.com/Forums/7936/Enabling-SAML-TraceI'd like to see the modified SAML assertion passing the signature verification.
Regards ComponentSpace Development
|