Open seriouszyx opened 2 years ago
Hi, I've had the exact same issue and I've been able to generate the correct signature using this code:
```go
if sp.SignAuthnRequests && sp.IdentityProviderSSOBinding == saml2.BindingHttpRedirect {
	var doc *etree.Document
	doc, err = sp.BuildAuthRequestDocument()
	if err != nil {
		return
	}
	url, err = sp.BuildAuthURLRedirect(callbackURL, doc)
} else {
	url, err = sp.BuildAuthURL(callbackURL)
}
```
@russellhaering Is this the intended way of using the library? I thought that BuildAuthURL would have used something like this but it doesn't seem to be the case.
Regards, Romain
I'm using the latest gosaml2 and noticed that my identity provider (Keycloak) does not accept the signed AuthNRequest.
The reason is:
But it seems that the Redirect binding authUrl does not have SigAlg and Signature parameters, even though I set SignAuthnRequests to true and SPKeyStore to my own Keystore.
reference: https://github.com/spring-projects/spring-security/issues/7711
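
For readers debugging the same rejection: the following is an added example, not part of the original thread and not gosaml2 code. It uses only the Go standard library to show what a signed HTTP-Redirect query must contain (`SigAlg` and `Signature`, with an RSA-SHA256 signature over the percent-encoded `SAMLRequest`, optional `RelayState` and `SigAlg` in that order) and how to check a generated URL before sending it to the IdP. The function names, the throwaway key and the `SAMLRequest` value are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

const sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // throwaway demo key

// SignRedirectQuery appends SigAlg and Signature to an already percent-encoded query.
func SignRedirectQuery(unsigned string, key *rsa.PrivateKey) (string, error) {
	signed := unsigned + "&SigAlg=" + url.QueryEscape(sigAlg)
	digest := sha256.Sum256([]byte(signed))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return signed + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), err
}

// CheckRedirectQuery returns nil only when SigAlg and Signature are present and verify.
func CheckRedirectQuery(rawQuery string, pub *rsa.PublicKey) error {
	raw, parts := map[string]string{}, []string{}
	for _, kv := range strings.Split(rawQuery, "&") {
		k, v, _ := strings.Cut(kv, "=")
		raw[k] = v // keep values percent-encoded: re-encoding could change the signed octets
	}
	for _, k := range []string{"SAMLRequest", "RelayState", "SigAlg"} { // order fixed by the binding
		if v, ok := raw[k]; ok {
			parts = append(parts, k+"="+v)
		}
	}
	sigB64, _ := url.QueryUnescape(raw["Signature"])
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if alg, _ := url.QueryUnescape(raw["SigAlg"]); alg != sigAlg || len(sig) == 0 || err != nil {
		return fmt.Errorf("SigAlg (%s) or Signature missing or malformed", sigAlg)
	}
	digest := sha256.Sum256([]byte(strings.Join(parts, "&")))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	key, _ := newKey()
	q, _ := SignRedirectQuery("SAMLRequest=Y29uc3RydWN0ZWQ%3D&RelayState=abc", key) // constructed input
	fmt.Println(CheckRedirectQuery(q, &key.PublicKey), CheckRedirectQuery("SAMLRequest=Y29uc3RydWN0ZWQ%3D", &key.PublicKey))
}
```

A URL built without the signing step fails the first check, which matches the symptom reported above.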