-
**Describe the bug**
Logout in Google Workspace fails when SimpleSAMLphp is used as identity provider. The following stack trace appears:
```
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
…
-
In #120, encryption support for EngineBlock was severely limited. Specifically, Shib IdPs with a default setup can no longer be used to authenticate to Engineblock. For SURFconext is is not really a…
-
What do you think?
https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
Review how Zend avoid this kind of attacks:
https://github.com/zendframework/zf1/blob/828191781995123e2a58…
-
Please, keep in mind that I'm completely missing the full meaning of what I am reporting below. I just "implemented" a quick and dirty workaround.
**Office365 assertion malformed when using externa…
-
PingIdentity is allowing that. It is a sizable provider. I am assuming the SAML2 spec is allowing it. Currently, SimpleSamlPHP is not allowing it. All ACS's must match the ones in the registered sp me…
-
As the first PHP version which supported namespacing is already EOL, I think it's time to move on and use proper namespaces (like _SAML2\Assertion\Processor_ instead of _SAML2_Assertion_Processor_).
…
-
EB API will return a 404 when asked for consent if the feature is disabled. This will return a symfony error in profile
-
![afbeelding](https://user-images.githubusercontent.com/841045/198067006-e2bb89cc-b2f0-402d-b9a0-5f9f8be101df.png)
Oct 26 16:40:06 sv2010532 STEPUP-SELFSERVICE[602]: {"channel":"app","level":"E…
-
Currently, EB's validation of ACS locations in the AuthnRequest seems to work like this:
- If the ACSLocation in the AuthnRequest is also defined in the metadata, use it.
- Otherwise (unknown ACS loca…
-
Would it be possible to include the development specific roles to the existing OpenConext deploy tests? We often experience issues during the provisioning of our dev vm while the build for that revisi…