Adam ⚛ Stegman

I don't think I understand what's needed to solve this. Can you show me how you got this working?

Does your testing work when signing is disabled? Maybe it's an issue with what your IdP is expecting of signed requests.

Looks like the IdP requires signing for logout requests: https://github.com/saml-idp/saml_idp/blob/75ac2f1673e919d7c66a668c40f78e55b96195eb/lib/saml_idp/request.rb#L118 I'm not sure where it's getting your SP's fingerprint from, but it looks like maybe that's missing. It looks like...

Yes, your IdP should send you to the ACS URL along with a SAML response. It looks like the response your IdP is sending doesn't conform to the expected protocol....

Yes, but it's not part of this gem's API. Devise is statically configured, so you have to jump through some hoops to make it dynamic. I would suggest using [our...

Thanks, sorry we missed this! ❤️ Looks like some Base64 decoding code got included in this PR too—can you split that into a separate issue?

It sounds like there's a model validation for password. Can you share your model code too?

[`validatable` is adding that validation for you](https://www.rubydoc.info/github/plataformatec/devise/master/Devise/Models/Validatable). If you want to allow either form of authentication, you'll need to write your own validations so that password is not required. You'll...

That's an option. Here's the create user flow: https://github.com/apokalipto/devise_saml_authenticatable/blob/master/lib/devise_saml_authenticatable/model.rb#L54-L66. If you set `devise.saml_create_user = true`, you can set `devise.saml_update_resource_hook` to be a proc that accepts the user and generates a...

That's surprising, because the `Devise::SamlSessionsController` inherits from `Devise::SessionsController`, which definitely implements `create`. Have you modified either of those classes in your codebase?