IdentityPython / pysaml2

Python implementation of SAML2
Apache License 2.0

Audience restriction check for SAML response processing #929

Closed sburnwal closed 1 year ago

sburnwal commented 1 year ago

After upgrading to pysaml2 ver 5.0.0, the SP is complaining with the exception 'Not for me!!' when processing the SAML response. I know the audience restriction check is enforced now. I want to know if there is a way to disable the audience restriction check without making any changes on the IdP side. I also have 'allow_unsolicited': True for the SP but I still get the same error.

Code Version

5.0.0

Expected Behavior

I just want to know if there is a way to disable audience check.

Current Behavior

Enforces audience check.

Possible Solution

N/A

Steps to Reproduce

N/A

c00kiemon5ter commented 1 year ago

Hello @sburnwal

There is no setting controlling the audience restriction checks. They always take place. I think you should coordinate with the IdP you use, and have it set the proper values in the SAML Response.
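The check discussed above follows the SAML 2.0 audience rule: audiences inside one `AudienceRestriction` are alternatives, and every `AudienceRestriction` must match. As an added example (not pysaml2's code and not posted by anyone in this thread), the stand-alone script below reports which restriction an SP entity ID fails against, so the value to correct on the IdP side is visible. The function names, entity IDs and sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion with hypothetical entity IDs.
# Diagnostic use only; this does not verify signatures or validate the response.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/saml/metadata</saml:Audience>
      <saml:Audience>https://other-sp.example.org/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def audience_restrictions(assertion_xml):
    """Return one list of Audience values per AudienceRestriction element."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:Conditions/saml:AudienceRestriction"
    return [
        [(a.text or "").strip() for a in ar.findall("saml:Audience", NS)]
        for ar in root.iterfind(path, NS)
    ]


def explain(assertion_xml, sp_entity_id):
    """List the reasons the assertion is not addressed to sp_entity_id."""
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        # The Web Browser SSO profile requires an AudienceRestriction naming
        # the SP, so a missing one is reported as a failure here.
        return ["no AudienceRestriction present"]
    # OR within a restriction, AND across restrictions; comparison is exact,
    # so a trailing slash or http/https difference counts as a mismatch.
    return [
        f"restriction {i}: {sp_entity_id!r} not in {audiences}"
        for i, audiences in enumerate(restrictions, 1)
        if sp_entity_id not in audiences
    ]


def audience_ok(assertion_xml, sp_entity_id):
    return not explain(assertion_xml, sp_entity_id)


if __name__ == "__main__":
    print(explain(SAMPLE_ASSERTION, "https://sp.example.org/saml/metadata/"))
```

Comparing the reported audiences with the SP's configured entity ID shows exactly which string the IdP needs to send.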

sburnwal commented 1 year ago

Ok, thanks for the update