casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0
9.2k stars, 1.09k forks

[Feature] (SAML) Add optional assertion & message signing #2977

Open stephenjamieson opened 4 weeks ago

stephenjamieson commented 4 weeks ago

Is your feature request related to a problem? Please describe.

Some applications require both the assertion and message to be signed. Currently, Casdoor will sign the message only, which does not meet the application requirements. As an aside, it may be a good idea to add signing for other parts of the response like the metadata as well if desired. Note that other providers such as Authentik have the same limitation.

Describe the solution you'd like

An option for each application that will sign both the message and assertion in the SAML response.
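
An added example, not part of the issue and not Casdoor's code: a Go check that reports whether a SAML response carries a signature on the message, on every assertion, or on both, by requiring a direct-child `ds:Signature` whose `Reference` points at the parent's own `ID`. The names `node`, `ref`, `SignedParts`, `sigFor` and `respFmt` and the sample IDs are assumptions made for illustration; the check is structural and does not verify digests or signature values.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// node maps a samlp:Response or saml:Assertion: its ID and the Reference URIs of a direct-child ds:Signature.
type node struct {
	XMLName    xml.Name
	ID         string `xml:"ID,attr"`
	Refs       []ref  `xml:"http://www.w3.org/2000/09/xmldsig# Signature>SignedInfo>Reference"`
	Assertions []node `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
type ref struct{ URI string `xml:"URI,attr"` }

// signed reports whether a direct-child signature references this element's own ID.
func (n node) signed() bool {
	for _, r := range n.Refs {
		if n.ID != "" && r.URI == "#"+n.ID {
			return true
		}
	}
	return false
}

// SignedParts is a structural check only: digests and signature values are not verified.
func SignedParts(doc string) (message, assertions bool, err error) {
	var r node
	if err = xml.Unmarshal([]byte(doc), &r); err != nil {
		return false, false, err
	}
	if r.XMLName != (xml.Name{Space: "urn:oasis:names:tc:SAML:2.0:protocol", Local: "Response"}) {
		return false, false, fmt.Errorf("root %q is not a SAML Response", r.XMLName.Local)
	}
	assertions = len(r.Assertions) > 0
	for _, a := range r.Assertions {
		assertions = assertions && a.signed() // every assertion must be signed
	}
	return r.signed(), assertions, nil
}

// Constructed sample pieces: made-up IDs, signature values omitted.
const respFmt = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1">%s<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">%s</saml:Assertion></samlp:Response>`
func sigFor(id string) string { return `<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference URI="#` + id + `"/></ds:SignedInfo></ds:Signature>` }

func main() {
	fmt.Println(SignedParts(fmt.Sprintf(respFmt, sigFor("_r1"), "")))            // message signed only
	fmt.Println(SignedParts(fmt.Sprintf(respFmt, sigFor("_r1"), sigFor("_a1")))) // message and assertion
}
```

The first sample matches the behaviour described in the issue (message signed, assertion not), which is the case a service provider requiring both would reject.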

casbin-bot commented 4 weeks ago

@tangyang9464 @JalinWang @imp2002