Closed futureimperfect closed 9 years ago
When you set "wantNameIdEncrypted": true, the Service Provider expects the Identity Provider to send a SAMLResponse with a saml:EncryptedID in the Assertion element instead of a saml:NameID.
If not, you get the "The NameID of the Response is not encrypted and the SP require it." message.
Thanks, @pitbulk. Do you know what OneLogin (the identity provider in this case) expects these values to be? Is it contingent on how I've configured the SAML Test Connector in OneLogin (e.g., the assertions that are included in the response)?
By default, the OneLogin NameID is unencrypted, so set wantNameIdEncrypted to false.
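A small diagnostic for the mismatch discussed in the replies above, added here as an example and not part of the thread or of python-saml: it checks whether the Subject of a SAMLResponse carries saml:NameID or saml:EncryptedID and compares that with wantNameIdEncrypted. The function names and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def nameid_form(saml_response_b64):
    """Classify the Subject identifier of a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic for captured responses only: nothing is signature-checked, and
    untrusted XML should go through a hardened parser such as defusedxml.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return "assertion-encrypted"  # Subject not visible until decrypted
    subject = root.find("saml:Assertion/saml:Subject", NS)
    if subject is None:
        return "missing"
    if subject.find("saml:EncryptedID", NS) is not None:
        return "encrypted"
    if subject.find("saml:NameID", NS) is not None:
        return "plain"
    return "missing"

def explain_mismatch(saml_response_b64, security):
    """Return a hint when the SP setting and the IdP response disagree, else None."""
    form = nameid_form(saml_response_b64)
    want = security.get("wantNameIdEncrypted", False)
    if want and form == "plain":
        return ("IdP sent saml:NameID but wantNameIdEncrypted is true: enable "
                "NameID encryption at the IdP or set the option to false")
    if want and form == "missing":
        return "wantNameIdEncrypted is true but the Subject has no identifier"
    return None

def _sample(subject_child):
    # Constructed sample response, not a capture from any real IdP.
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
           '<saml:Subject>%s</saml:Subject></saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], subject_child))
    return base64.b64encode(xml.encode())

PLAIN = _sample("<saml:NameID>user@example.com</saml:NameID>")
ENCRYPTED = _sample("<saml:EncryptedID/>")

if __name__ == "__main__":
    print(explain_mismatch(PLAIN, {"wantNameIdEncrypted": True}))
```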
Hello,
I'm working on adding SAML support to a few internal tools and I'm running into a problem when I set the security values to true in advanced_settings.json. For what it's worth, I have no issues when all of these are set to false except for signMetadata. The above error message is displayed when I call auth.get_last_error_reason(), and I can confirm that the response is not encrypted. I have used SAML Tool to create the self-signed certificates and placed them in saml/certs, as well as directly in saml/settings.json.
Here's my settings.json file:
And here's my advanced_settings.json file:
I'm using version 2.1.2 of python-saml on Ubuntu with a Flask app, and nginx as the reverse proxy.
Any help is appreciated. Thanks!