flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

ERROR: Signature required but not found #209

Closed paragonn closed 9 months ago

paragonn commented 9 months ago

We have the plugin configured and Azure configured, but we are receiving the error below. Any ideas?


2024-02-14 19:54:58 [web.WARNING] [saml-core] Signature required but not found: Response {"memory":8439064}
2024-02-14 19:54:58 [web.ERROR] [Exception] Signature required but not found: Response {"trace":["#0 /var/www/ijmna/ijm.org/htdocs/vendor/flipboxfactory/saml-sp/src/validators/Response.php(86): flipbox\\saml\\sp\\validators\\SignedElement->validate()","#1 /var/www/ijmna/ijm.org/htdocs/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(113): flipbox\\saml\\sp\\validators\\Response->validate()","#2 [internal function]: flipbox\\saml\\sp\\controllers\\LoginController->actionIndex()","#3 /var/www/ijmna/ijm.org/htdocs/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array()","#4 /var/www/ijmna/ijm.org/htdocs/vendor/yiisoft/yii2/base/Controller.php(178): yii\\base\\InlineAction->runWithParams()","#5 /var/www/ijmna/ijm.org/htdocs/vendor/yiisoft/yii2/base/Module.php(552): yii\\base\\Controller->runAction()","#6 /var/www/ijmna/ijm.org/htdocs/vendor/craftcms/cms/src/web/Application.php(304): yii\\base\\Module->runAction()","#7 /var/www/ijmna/ijm.org/htdocs/vendor/yiisoft/yii2/web/Application.php(103): craft\\web\\Application->runAction()","#8 /var/www/ijmna/ijm.org/htdocs/vendor/craftcms/cms/src/web/Application.php(289): yii\\web\\Application->handleRequest()","#9 /var/www/ijmna/ijm.org/htdocs/vendor/yiisoft/yii2/base/Application.php(384): craft\\web\\Application->handleRequest()","#10 /var/www/ijmna/ijm.org/htdocs/web/index.php(12): yii\\base\\Application->run()","#11 {main}"],"memory":8098360,"exception":"[object] (Exception(code: 0): Signature required but not found: Response at /var/www/ijmna/ijm.org/htdocs/vendor/flipboxfactory/saml-sp/src/validators/SignedElement.php:51)"}

dsmrt commented 9 months ago

I think this will help:

https://saml-sp.flipboxfactory.com/faqs.html#signature-required-but-not-found

paragonn commented 9 months ago

Yes, that fixed the issue--thanks!

dsmrt commented 9 months ago

Just please make sure you don't set requireAssertionToBeSigned=false. Azure AD/Entra doesn't sign the Response but they do sign the Assertions and we need to verify that appropriately.

Basically, just make sure it's only set like this:

return [
    // assertion is required but not the response
    'requireResponseToBeSigned' => false,
]; 

and NOT!

return [
    // THIS IS BAD! (sorry for the yelling here but it's important ;)
    'requireResponseToBeSigned' => false,
    'requireAssertionToBeSigned' => false,
];
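
To see which of the two settings discussed above a given IdP response can satisfy, the following added example (not the plugin's code and not from the thread) reports where `ds:Signature` elements sit in a base64-encoded SAMLResponse. It checks presence only and does not verify any signature cryptographically; the sample messages are constructed, and the function names and the mapping of `require_response` / `require_assertion` onto `requireResponseToBeSigned` / `requireAssertionToBeSigned` are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed samples (not real IdP output); <ds:Signature/> is an empty stand-in.
_TEMPLATE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">'
    '<saml:Assertion ID="_a1">{sig}</saml:Assertion></samlp:Response>'
)
ASSERTION_SIGNED_ONLY = base64.b64encode(_TEMPLATE.format(sig="<ds:Signature/>").encode())
UNSIGNED = base64.b64encode(_TEMPLATE.format(sig="").encode())


def signature_layout(saml_response_b64):
    """Report which elements carry a ds:Signature as a *direct* child."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = root.findall("saml:Assertion", NS)  # direct children only
    signed = sum(a.find("ds:Signature", NS) is not None for a in assertions)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": signed,
    }


def check_policy(layout, require_response=True, require_assertion=True):
    """Return presence failures for a policy; an empty list means it passes."""
    errors = []
    if require_response and not layout["response_signed"]:
        errors.append("Response has no direct ds:Signature child")
    if require_assertion and (
        layout["assertions"] == 0
        or layout["assertions_signed"] < layout["assertions"]
    ):
        errors.append("unsigned or missing Assertion")
    return errors


if __name__ == "__main__":
    print(check_policy(signature_layout(ASSERTION_SIGNED_ONLY), require_response=False))
```

With both requirements switched off, `check_policy` returns no errors for the `UNSIGNED` sample as well, which is the situation the second configuration above creates.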