ADFS signed response


deancwagner
I know this isn't really the right forum, but I'm hoping to find an answer.  We built our SAML implementation (service provider) to expect the response to be signed. We're working on getting a client who uses ADFS set up.  The integration guide says "It’s recommended that SAML messages or assertions from the identity provider are signed.", but I can't find any documentation that says how to sign the response.  I know this is an ADFS question, but if someone knows the answer I would greatly appreciate it.
ComponentSpace
You can do this through the -SamlResponseSignature MessageOnly setting of the Set-AdfsRelyingPartyTrust PowerShell cmdlet.

https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=windowsserver2019-ps

However, my recommendation is to expect either the SAML response or SAML assertion to be signed by the identity provider. This is how we default in later versions of the product. It means you don't have to require additional configuration in the case of ADFS.




Regards
ComponentSpace Development
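
The "expect either the SAML response or the SAML assertion to be signed" policy recommended above, sketched as an added example (not ComponentSpace's code and not part of the original posts). It inspects a captured response to report where the identity provider placed the signature. The function names and the sample XML are constructed for illustration, and the check is structural only: it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET  # inspection of a captured response; use a hardened parser on untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signed_directly(element):
    """True if element has its own child ds:Signature whose single
    Reference URI points back at this element's ID attribute."""
    sig = element.find("ds:Signature", NS)  # direct child only, not a nested signature
    elem_id = element.get("ID")
    if sig is None or not elem_id:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + elem_id

def signature_placement(xml_text):
    """Report where a SAML response carries signatures (hypothetical helper).
    A signature that references some other element is not counted."""
    response = ET.fromstring(xml_text)
    if response.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = response.findall("saml:Assertion", NS)
    message = signed_directly(response)
    assertion = len(assertions) == 1 and signed_directly(assertions[0])
    # "Either" policy: a message-level or an assertion-level signature is enough.
    return {"message": message, "assertion": assertion,
            "acceptable": message or assertion}

def sample(sign_message, sign_assertion):
    """Constructed sample response; signature contents are elided placeholders."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
           '<ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>')
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        + (sig % "_resp1" if sign_message else "")
        + '<saml:Assertion ID="_assert1">'
        + (sig % "_assert1" if sign_assertion else "")
        + '</saml:Assertion></samlp:Response>'
    )

if __name__ == "__main__":
    for msg, asr in [(True, False), (False, True), (False, False)]:
        print(msg, asr, signature_placement(sample(msg, asr)))
```

A service provider that requires `message` to be true rejects the assertion-only case, while the "either" policy accepts it; in both cases the signature itself must still be validated against the identity provider's certificate by the SAML library.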
deancwagner
ComponentSpace - 4/5/2021
You can do this through the -SamlResponseSignature MessageOnly setting of the Set-AdfsRelyingPartyTrust PowerShell cmdlet.

https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsrelyingpartytrust?view=windowsserver2019-ps

However, my recommendation is to expect either the SAML response or SAML assertion to be signed by the identity provider. This is how we default in later versions of the product. It means you don't have to require additional configuration in the case of ADFS.



Thank you.  That change is on my backlog, it's just not going to make it in time for this client.
ComponentSpace
Fair enough.

Regards
ComponentSpace Development