Closed alex88 closed 6 years ago
Guessing that the certificate you generated for your app is somehow not registered with ADFS, resulting in verification error.
You would have generated a private key and a corresponding certificate for Samly
. Samly
uses these when it communicates with the ADFS IDP.
When you setup the Relying Party Trust in ADFS, you have the option of entering the values manually or import the relying party (RP/SP) metadata from a file. You can choose the option "Import data about relying party from a file" - see item 3 on how to create this file.
Create this metadata file on your system by entering the SP Metadata URL (search Samly
doc) in a browser and save the response (source of the HTML response) in an XML file. This XML metadata file should be provided during the ADFS relying party trust setup for your app.
The SP Metadata XML file you saved will have the correct certificate embedded in it. ADFS will then use that certificate to verify the SAML 2.0 request originating from your application via Samly
.
Hope this helps. Please provide an update if this solves your issue.
Closing this. Feel free to reopen with additional information if you still have the issue.
Sorry for the delay, I've actually tried to use the output provided by this library with azure AD and it was throwing an error saying there request wasn't a valid SAML request. Using another library with the same key instead worked fine, unfortunately due timeline restrictions created by the customer I didn't have time to debug it further
Azure doesn't seem to sign the SAML response itself. It signs only the assertion.
It would be great if you are able to confirm this works if you set signed_envelopes_in_resp: false
in your samly config.
Check the following issue in esaml
:
https://github.com/handnot2/esaml/issues/18
Trying to add the domain to a ADFS IDP gives this error
does the certificate of the SDP has to match the one of the HTTPS server it's running on? What could be the problem?