SAML-Toolkits / python3-saml

MIT License

Deprecated signature algorithm found: http://www.w3.org/2000/09/xmldsig#rsa-sha1 #361

Closed aralyekta closed 1 year ago

aralyekta commented 1 year ago

Hi, I'm new to using SAML with Django and I was following the tutorial at https://developers.onelogin.com/saml/python. Last Friday, I was able to set it up and log in through OneLogin to the demo Django app. However, 4 days later, I started getting

invalid_response
Reason: Deprecated signature algorithm found: http://www.w3.org/2000/09/xmldsig#rsa-sha1

errors while trying to authenticate to OneLogin from the same app. To check again, I set up another app from the same tutorial and I still get the same error. The webpage looks like below:

[Screenshot 2023-06-20 at 12 38 17]

What could be the reason?

aralyekta commented 1 year ago

Making these changes in advanced_settings.json helped fix the problem.

"rejectDeprecatedAlgorithm": false,
"wantAttributeStatement": false

However, it did not feel right to change these to false as this could bring security issues. Any recommendations?

pitbulk commented 1 year ago

At the IdP, you can define how the SAMLResponses are going to be signed; select a non-deprecated algorithm (SAML Signature Algorithm field).
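
Added example, not part of the thread and not python3-saml's own code: a small check that lists the signature and digest algorithms inside a captured `SAMLResponse` (the base64 form value from the HTTP-POST binding), so you can confirm the IdP change took effect while leaving `rejectDeprecatedAlgorithm` enabled. The `DEPRECATED` set, the function names and the sample response are assumptions constructed for this illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# SHA-1 based XML-DSig identifiers; this list is an assumption of the example.
DEPRECATED = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}


def signature_algorithms(saml_response_b64):
    """Return (element, algorithm URI, is_deprecated) for each ds:SignatureMethod
    and ds:DigestMethod found in a base64-encoded SAMLResponse."""
    raw = base64.b64decode(saml_response_b64)
    # The input is untrusted XML: refuse DTDs before handing it to the parser.
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD not allowed in SAML response")
    root = ET.fromstring(raw)
    found = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            alg = el.get("Algorithm", "")
            found.append((tag, alg, alg in DEPRECATED))
    return found


def constructed_sample(sig_alg, digest_alg):
    """Build a minimal, unsigned response skeleton (constructed test input)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        f'<ds:Reference><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>'
        '</ds:SignedInfo></ds:Signature></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    before = constructed_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                                "http://www.w3.org/2000/09/xmldsig#sha1")
    for tag, alg, bad in signature_algorithms(before):
        print(f"{tag:16} {alg} {'DEPRECATED' if bad else 'ok'}")
```

This only reads the declared algorithms; it does not verify the signature, which remains the toolkit's job.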