penn-state-dance-marathon / python3-saml-django

Implement SAML Single Sign-On in your Django project quickly and easily.
MIT License

Signature validation failing using Microsoft AD as IdP #23

Open striker4150 opened 2 years ago

striker4150 commented 2 years ago

Attempting to log out results in a signature validation error. According to the onelogin docs:

Some IdPs, notably Microsoft AD, use lower-case url-encoding, which makes signature validation to fail. To fix this issue, either pass query_string and set validate_signature_from_qs to True, which works for all IdPs, or set lowercase_urlencoding to True, which only works for AD.

As can be seen in views.py, neither validate_signature_from_qs nor lowercase_urlencoding is set, and I suspect that this is causing my configuration to fail. Could someone please look into this? Thanks.
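Why the two options in the quoted docs behave differently, as an added example that is not part of this thread and is not code from python3-saml or python3-saml-django: a redirect-binding signature covers the exact percent-encoded bytes the IdP sent, so an SP that decodes and re-encodes with upper-case hex checks a different string. Assumptions: HMAC-SHA256 stands in for the IdP's RSA signature, and the key, message, URLs and function names are constructed for illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qsl, quote_plus

KEY = b"constructed-demo-key"  # stand-in for the IdP's signing key (assumption)
SIGNED_FIELDS = ("SAMLRequest", "RelayState", "SigAlg")

def lower_quote(value):
    """Percent-encode with lower-case hex digits, as the quoted docs say AD does."""
    return re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), quote_plus(value))

def sign(signed_bytes):
    # HMAC-SHA256 stands in for the RSA signature a real IdP would produce.
    return base64.b64encode(hmac.new(KEY, signed_bytes, hashlib.sha256).digest()).decode()

def idp_logout_query(params):
    """Build the redirect query the way a lower-case-encoding IdP would."""
    signed = "&".join(f"{k}={lower_quote(params[k])}" for k in SIGNED_FIELDS)
    return signed + "&Signature=" + lower_quote(sign(signed.encode()))

def verify_reencoded(query, lowercase_urlencoding=False):
    """Decode the parameters, then re-encode them to rebuild the signed string."""
    params = dict(parse_qsl(query))
    enc = lower_quote if lowercase_urlencoding else quote_plus
    signed = "&".join(f"{k}={enc(params[k])}" for k in SIGNED_FIELDS)
    return hmac.compare_digest(sign(signed.encode()), params["Signature"])

def verify_from_qs(query):
    """Rebuild the signed string from the raw, still-encoded query string."""
    raw = dict(pair.split("=", 1) for pair in query.split("&"))
    signed = "&".join(f"{k}={raw[k]}" for k in SIGNED_FIELDS)
    signature = dict(parse_qsl(query))["Signature"]
    return hmac.compare_digest(sign(signed.encode()), signature)

# Constructed sample message; its values contain characters that need escaping.
SAMPLE = idp_logout_query({
    "SAMLRequest": base64.b64encode(b"<samlp:LogoutRequest ID='_constructed'/>").decode(),
    "RelayState": "https://sp.example.test/accounts/?next=/home",
    "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
})

if __name__ == "__main__":
    print("re-encode, upper-case hex:", verify_reencoded(SAMPLE))
    print("re-encode, lower-case hex:", verify_reencoded(SAMPLE, True))
    print("raw query string         :", verify_from_qs(SAMPLE))
```

Checking against the raw query string needs no knowledge of the sender's encoding style, which matches the docs' remark that it works for all IdPs while the lower-case switch only fits AD.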

ngearhart commented 2 years ago

We can add this as a configuration option. Feel free to open a pull request, but I can also get this done in a few days.

eljeffeg commented 1 year ago

Curious if this was completed as I'm trying to figure out why my logout is failing and we're using MS.