Closed lars-at-nxc closed 4 years ago
The issue has been solved.
The enterprise application had its own metadata XML.
Hi @lars-at-nxc
Glad you were able to resolve the issue. Hope you enjoy the plugin and let us know if you encounter anything else.
Hi,
I am reviewing your plugin for a project we are working on where we plan on using Azure AD as the IdP. I have configured the IdP with a metadata XML that I got from the URL: https://login.microsoftonline.com/4aabb8b3-4214-4492-bdbf-1a2b6cd12450/FederationMetadata/2007-06/FederationMetadata.xml
Everything looks promising until I return from the IdP after login. Then I get an exception "Unable to validate Signature".
When I review the Response message it seems like the certificate included in Response/Assertion/Signature/KeyInfo/X509Data/X509Certificate is not one of the three keys from the metadata XML. I do not understand why this is the case, but I guess we can add it manually to the metadata XML.
I am also not able to verify the Response signature using the certificate returned in the Response. I have tried to use both openssl CLI and the online tool: https://www.samltool.com/validate_response.php. The online tool gives me the error "Signature validation failed. Reference validation failed".
Do you have any knowledge of issues with configuring Azure AD against your plugin?
Best regards Lars
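
The check described in this report (is the certificate embedded in the Response one of the signing keys in the configured metadata?), as an added example that is not code from the plugin or from either poster. Element names follow SAML 2.0 metadata and XML-DSig; the function names are hypothetical, and the sample documents are constructed with placeholder bytes standing in for real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def _fingerprints(root):
    """SHA-256 of the decoded bytes of every ds:X509Certificate below root."""
    fps = set()
    for node in root.iter(f"{{{DS}}}X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()))
        fps.add(hashlib.sha256(der).hexdigest())
    return fps

def metadata_signing_fingerprints(metadata_xml):
    fps = set()
    for kd in ET.fromstring(metadata_xml).iter(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor with no "use" attribute applies to signing as well.
        if kd.get("use", "signing") == "signing":
            fps |= _fingerprints(kd)
    return fps

def unknown_response_certs(metadata_xml, response_xml):
    """Fingerprints embedded in the Response's signatures but absent from metadata.
    The embedded certificate is only a hint; trust comes from the metadata match."""
    embedded = set()
    for sig in ET.fromstring(response_xml).iter(f"{{{DS}}}Signature"):
        embedded |= _fingerprints(sig)
    return embedded - metadata_signing_fingerprints(metadata_xml)

# --- constructed sample data: placeholder bytes, not real certificates ---
def _b64(label):
    return base64.b64encode(label).decode()
def _metadata(*labels):
    keys = "".join(
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{_b64(l)}</ds:X509Certificate>"
        f"</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>" for l in labels)
    return (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">'
            f"<md:IDPSSODescriptor>{keys}</md:IDPSSODescriptor></md:EntityDescriptor>")

TENANT_METADATA = _metadata(b"tenant-key-1", b"tenant-key-2", b"tenant-key-3")
APP_METADATA = _metadata(b"app-signing-key")
RESPONSE = (
    f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="{DS}">'
    f"<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data>"
    f"<ds:X509Certificate>{_b64(b'app-signing-key')}</ds:X509Certificate>"
    f"</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>")
```

A non-empty result from `unknown_response_certs` means the service provider is configured with metadata that does not list the key the IdP actually signed with, which is the situation the thread resolves by using the enterprise application's own metadata XML.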