search

IdentityPython / pysaml2

Python implementation of SAML2
Apache License 2.0
554 stars 421 forks source link

Missing Destination in Response #770

Open peppelinux opened 3 years ago

peppelinux commented 3 years ago

a PySAML2 SP seems to accept a SAML Response with a missing Destination attribute, like the following

<samlp:Response ID="_4768c2f4-a8f2-4666-b40f-59173e6149e5" InResponseTo="id-Id3opS53KGqQDLuJI" IssueInstant="2021-01-24T02:12:03Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
peppelinux commented 3 years ago

If binding is HTTP-POST or REDIRECT Destination MUST be present and validated