saml-idp / saml_idp

Ruby SAML Identity Provider, best used with Rails (though not required)
MIT License

SLO Request without x509 certificate element #177

Closed kangguru closed 2 years ago

kangguru commented 2 years ago

I'm currently in the process of integrating an SP with SamlIdp into our web platform. All works great but for some reason :) (still trying to figure out why) the SP will sign the SLO request but does not include a certificate element.

Due to: https://github.com/saml-idp/saml_idp/blob/master/lib/saml_idp/xml_security.rb#L49 the request is not validated. My question now is: Does it make sense to expand the validation code to also take a certificate as an argument and use this to validate the signature? I just wanted to check how the feeling about this is, as I'm not a SAML expert.

Happy to hear your thoughts before I start wrapping up a PR for this.

kangguru commented 2 years ago

Looks like this has already been addressed in the 18F fork 🎉
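
The certificate selection proposed in the issue, as an added example (not code from saml_idp or the 18F fork): when the signed SLO request carries no `X509Certificate` element, verification falls back to the certificate registered for the SP, and an embedded certificate is accepted only if it is that same certificate. The helper names and the idea of one registered certificate per SP are assumptions, the sample data is constructed, and the XML-DSig canonicalization and signature check that would follow are not shown.

```ruby
require "openssl"
require "rexml/document"

DSIG_NS = { "ds" => "http://www.w3.org/2000/09/xmldsig#" }

# Hypothetical helper (not part of saml_idp): pick the certificate to verify with.
# registered_cert is the SP certificate configured at the IdP (assumption).
def resolve_verification_cert(xml, registered_cert)
  doc = REXML::Document.new(xml)
  node = REXML::XPath.first(doc, "//ds:X509Certificate", DSIG_NS)
  text = node ? node.text.to_s.strip : ""
  # No embedded certificate: fall back to the one registered for this SP.
  return registered_cert if text.empty?
  embedded = OpenSSL::X509::Certificate.new(text.unpack1("m"))
  # An embedded certificate is sender-supplied, so it is only accepted
  # when it is byte-for-byte the registered one.
  unless embedded.to_der == registered_cert.to_der
    raise ArgumentError, "embedded certificate is not the registered SP certificate"
  end
  registered_cert
end

# Constructed sample data: a throwaway self-signed certificate.
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Constructed LogoutRequest skeleton, with or without an embedded certificate.
def constructed_slo_request(embedded_cert = nil)
  b64 = embedded_cert && [embedded_cert.to_der].pack("m0")
  key_info = b64 ? "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>#{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>" : ""
  %(<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed">) +
    %(<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">#{key_info}</ds:Signature></samlp:LogoutRequest>)
end

if $PROGRAM_NAME == __FILE__
  _key, sp_cert = constructed_cert("sp.example")
  chosen = resolve_verification_cert(constructed_slo_request, sp_cert)
  puts "verify with: #{chosen.subject}"
end
```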