ADFS Idp initiated SSO logins in without validating the IDP signature
sundares80
New Member

Group: Awaiting Activation
Posts: 1, Visits: 15
Hi,

I have purchased the ComponentSpace API and implemented SAML 2.0 in our ASP.NET application. I am able to log in to the application using SP-initiated and IdP-initiated SSO successfully. I followed the settings below in Active Directory to make it work.
https://www.componentspace.com/Forums/39/ADFS-SAML-SSO-ADFS-as-the-Identity-ProviderClaims-Provider

Then I removed the signature in Active Directory as shown in the picture below. I am still able to log in with IdP-initiated login. It should not let us log in after deleting the signature. This shows that the application is failing to validate the signature.
Are there any settings or parameters I am missing in the SAML configuration? Please help me to resolve this issue.

Regards,
Sundar


ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
Hi Sundar,

The Signature tab in the relying party's properties refers to the SP certificate that's used to verify signatures on messages received from the SP.

If no certificate is configured under the Signature tab, ADFS doesn't expect the SAML authn request sent by the SP to be signed. Any signature that is included is ignored. SAML SSO will continue to work.

The SAML assertion sent to the SP is signed using ADFS's private key. This is not part of the relying party configuration.

If you want to confirm the SAML assertion signature is being verified correctly, change the partner identity provider's certificate in your SAML configuration (e.g. saml.config) to something like the sp.cer that we ship. SSO should fail as the signature won't verify.

Regards
ComponentSpace Development