I don't have much experience with SAML so please correct me if I have anything wrong.
From what I understand, signing requests that are sent to identity providers is optional (specific identity providers might require it).
The following guard clause in the HttpRedirectBindingBuilder.SigningKey setter seems to back this up - null is allowed.
// Check if the key is of a supported type. [SAMLBind] sect. 3.4.4.1 specifies this.
if (!(value is RSACryptoServiceProvider || value is DSA || value == null))
{
throw new ArgumentException("Signing key must be an instance of either RSACryptoServiceProvider or DSA.");
}
I was getting a null reference exception in this expression within SamlMessage.AuthnRequestForIdp() when I left the ServiceProvider's SigningCertificate property null.
I don't have much experience with SAML so please correct me if I have anything wrong.
From what I understand, signing requests that are sent to identity providers is optional (specific identity providers might require it).
The following guard clause in the HttpRedirectBindingBuilder.SigningKey setter seems to back this up - null is allowed.
I was getting a null reference exception in this expression within SamlMessage.AuthnRequestForIdp() when I left the ServiceProvider's SigningCertificate property null.
SigningKey = config.ServiceProvider.SigningCertificate.PrivateKey,
My change will result in the SigningKey being set to null if the ServiceProvider's SigningCertificate is null.