
InResponseTo with IDP initiated not match the saml-schema

Open josedesoto opened this issue 8 years ago • 0 comments

Hi,

I have seen that when pysaml2 creates an IDP-initiated SAML response, it sets the attribute InResponseTo as:

InResponseTo=""

I have verified that some SPs complain about this. Taking a look at the OASIS SAML documentation:

InResponseTo [Optional]: A reference to the identifier of the request to which the response corresponds, if any. If the response is not generated in response to a request, or if the ID attribute value of a request cannot be determined (for example, the request is malformed), then this attribute MUST NOT be present. Otherwise, it MUST be present and its value MUST match the value of the corresponding request's ID attribute.

As far as I could understand, in an IDP-initiated SAML response the attribute InResponseTo should not be present.

josedesoto, Sep 21 '17 10:09
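An SP-side check that applies the rule quoted in the issue above, as an added example that is not part of the original issue and is not pysaml2 code. The names `check_in_response_to`, `outstanding_ids` and `allow_unsolicited` are hypothetical, and the sample responses are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def check_in_response_to(response_xml, outstanding_ids, allow_unsolicited=False):
    """Classify a samlp:Response by its InResponseTo attribute.

    Returns (accepted, reason). outstanding_ids is the set of request IDs this
    SP has sent and not yet seen answered (a hypothetical session store).
    Signature and condition checks are out of scope here.
    """
    # Assumption: the input was already size-limited; use a hardened XML
    # parser for untrusted input in real deployments.
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        return False, "not a samlp:Response"
    value = root.attrib.get("InResponseTo")  # None only when the attribute is absent
    if value is None:
        # Unsolicited (IdP-initiated) response: the attribute is correctly absent.
        if allow_unsolicited:
            return True, "unsolicited response accepted"
        return False, "unsolicited responses disabled"
    if value == "":
        # Present but empty: the schema types it as NCName, so "" is invalid,
        # and it can never equal a request ID. Do not treat it as "absent".
        return False, "InResponseTo present but empty"
    if value not in outstanding_ids:
        return False, "InResponseTo does not match an outstanding request"
    return True, "matches outstanding request"

def _response(attr):
    # Constructed minimal response element for the demonstration.
    return (f'<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_r1" Version="2.0" '
            f'IssueInstant="2017-09-21T10:09:00Z"{attr}/>')

SAMPLES = {
    "absent": _response(""),
    "empty": _response(' InResponseTo=""'),
    "match": _response(' InResponseTo="_req42"'),
    "unknown": _response(' InResponseTo="_req99"'),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, check_in_response_to(xml, {"_req42"}, allow_unsolicited=True))
```

Keeping the empty-string case separate from the absent case matters on the SP side: collapsing the two would let a response that claims to answer a request bypass the request-ID match.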