Liviu Andron comments

Repositories
Issues
Comments

Results 3 comments of


                                            Liviu Andron

Missing exported function BuildAuthURLWithRedirect

Azure (Microsoft Entra ID) also needs this if "Verification certificates" is active: "AADSTS76022: Cannot verify the signature of received authentication request since there is no certificate for verification configured in...

Lowercase URL encoding in IdP response or request results in an IncorrectlySigned error.

A better possible solution seems to be keeping the original query parameters when validating the signature. Notice the `MUST`: ```` Further, note that URL-encoding is not canonical; that is, there...

SAML authentication requires signature for either SAML Response or its Assertion, not both

You can check them outside of the library by using `ResponseSignatureValidated` and `SignatureValidated` on each assertion, respectively.