esaml icon indicating copy to clipboard operation
esaml copied to clipboard

Published 20 hours ago verified publisher icon arekinath

XML redirect binding should strip signature

Open kanes115 opened this issue 5 years ago • 0 comments

According to the SAML RFC when using redirect binding and encoding method DEFLATE there should be no signature in SAMLRequest. It should be put in the url parameter.

[1] https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf (section 3.4.4.1)

kanes115 avatar Aug 29 '19 08:08 kanes115