Where should the Service Provider name and certificate be configured? #4
Comments
Hi @guillaumeeb! Thanks for the feedback. This is only the second time I've worked with SAML as an auth technology and I'm not totally sure what you're trying to do here. I think it has something to do with setting up... something... in the SAML SP metadata. I'll be going over the relevant specs today and I'll get back to you with a response. For now, can you try running through setting up the IdP first, and setting up the SP second? The location for the POST request should be Again, thanks for trying out the project! I'll get back to you (and hopefully I'll figure out how to support your use case) this week. I hope I can make this work for you! 😄 Please feel free to reach out via this issue or another issue any time. I love getting feedback like this! 😄
Ok @guillaumeeb, I've done a little digging on this, and I think I've come up with a compromise. I think I can add a static Adding a configurable service name should be pretty easy after that, and I want to add some more docs and code coverage metrics. I think that would be a good Going a little further, I think that SP-signed Authentication Requests are a bigger feature that I need some time to work on in a considerate manner. I'm not sure when I will get to work on that, so I think I want to put it into a Sound good?
Hi @distortedsignal, thanks for being so reactive (much more than me apparently)! I'm really no SAML expert; the person who is in my organization told me that he finds it weird to have an SP which initiates a SAML exchange without identifying itself. He said to me that usually, the SP initiates the exchange with its identity: a name and associated key. Currently, you just redirect the authentication to the IDP, which means (again according to my colleague) that it is finally an IDP-initiated auth. This may not be a stopper in my case, but the real SP-initiated request was more appealing to my colleague, also for security reasons. It would be very nice if you could work on this. I can validate the features on my setup.
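An added example, not code from the project or from either participant, of what the "name and associated key" in the comment above look like in SAML 2.0 SP metadata: the entityID is the SP's name and a KeyDescriptor with use="signing" carries the certificate the IdP uses to verify SP-signed requests. The entityID, ACS URL and certificate value are constructed placeholders.

```python
# Added example: build a minimal SAML 2.0 SP metadata document that identifies
# the SP by name (entityID) and signing certificate, then read it back the way
# an IdP admin would when registering the SP. All values are constructed.
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

# Constructed placeholders (hypothetical hub hostname and a fake base64 cert body).
SP_ENTITY_ID = "https://hub.example.org/sp"
SP_ACS_URL = "https://hub.example.org/hub/login"
SP_SIGNING_CERT_B64 = "MIIBplaceholderCertificateBodyCONSTRUCTED=="


def build_sp_metadata(entity_id: str, acs_url: str, signing_cert_b64: str) -> str:
    """Return SP metadata XML carrying the SP's name and signing certificate."""
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true",   # SP signs AuthnRequests with the key below
        "WantAssertionsSigned": "true",  # SP expects the IdP to sign assertions
    })
    kd = ET.SubElement(sp, f"{{{MD_NS}}}KeyDescriptor", {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS_NS}}}KeyInfo"), f"{{{DS_NS}}}X509Data")
    ET.SubElement(x509, f"{{{DS_NS}}}X509Certificate").text = signing_cert_b64
    # Where the IdP must POST the SAMLResponse; the IdP only accepts registered URLs.
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService", {
        "Binding": POST_BINDING, "Location": acs_url, "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")


def sp_identity(metadata_xml: str) -> dict:
    """Extract what an IdP needs to identify and trust the SP from its metadata."""
    root = ET.fromstring(metadata_xml)
    ns = {"md": MD_NS, "ds": DS_NS}
    cert_path = ("md:SPSSODescriptor/md:KeyDescriptor[@use='signing']"
                 "/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", ns)
    return {
        "entity_id": root.get("entityID"),
        "signing_certs": [c.text.strip() for c in root.findall(cert_path, ns)],
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
    }


if __name__ == "__main__":
    print(sp_identity(build_sp_metadata(SP_ENTITY_ID, SP_ACS_URL, SP_SIGNING_CERT_B64)))
```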
Thanks for getting back to me @guillaumeeb! A few comments: Sorry about the disappearing/reappearing issues. I'll talk to my company's GitHub admins, make sure that we're on the same page about what this repo's needs are and how to best accomplish them. If you want to tag your SAML-savvy coworker, I would love to have them in this conversation as well. :) I think that if I'm going to be making a large change to the authenticator like you suggest for true SP-initiated requests, that may have to be a minor point release (whereas to this point all releases have been "bug fix releases" according to SemVer). That sounds like a good thing to add - I'll make a new release for that! :) Thanks for your help!
See my response to #66 for how I 'solved' this in AWS. If The most important bits are
Hi,
Thanks for the work here!
I'm planning to try your module, and I have a question about the correct configuration for the Service Provider: where should I put the name and certificate of my SP in order for my IDP to identify it? Does this go into the XML metadata file?