saml_idp
Unclear meaning of attribute "validate_signature"
There is an attribute "validate_signature" on the service provider. This attribute overrides whether service_provider.valid_signature? actually does check the signature of a document.
However, if we ask if a request is valid, then only the metadata is checked and not this attribute.
My suggestion would be to unify all the occurrences under a method:

```ruby
def ServiceProvider::validateSignature?
  attributes[:validate_signature] || (metadata.respond_to?(:sign_authn_request?) && metadata.sign_authn_request?)
end
```

but I am not sure if this was the intended semantics?
@immerda I understand your confusion, because the ServiceProvider class is actually not implemented properly, which means the ServiceProvider class and SP Metadata are not properly working together, as you mentioned. We are going to simplify the gem structure and reduce configuration if SP metadata already has the configs; otherwise it should be overridden by ServiceProvider configs, as you mentioned.
I will close this question since no other question has been raised for a long time. Please open it if you have more questions related to your original one.
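The two decision paths described in this thread, modelled as an added example that is not saml_idp's code: it enumerates every attribute/metadata combination to show where the paths disagree, and goes one step further by comparing the `||` predicate from the issue with an assumed "explicit attribute wins" reading of an override. Only `validate_signature` and `sign_authn_request?` come from the thread; every other name is hypothetical.

```ruby
# Added illustration, not saml_idp's code. Only validate_signature and
# sign_authn_request? come from the thread; other names are hypothetical.
ToyMetadata = Struct.new(:flag) do
  def sign_authn_request?
    flag == true
  end
end

class ToyServiceProvider
  def initialize(attributes, metadata)
    @attributes = attributes
    @metadata = metadata
  end

  # Decision driven by the attribute alone (the signature-check path in the issue).
  def attribute_only?
    @attributes[:validate_signature] == true
  end

  # Decision driven by metadata alone (the request-validity path in the issue).
  def metadata_only?
    @metadata.respond_to?(:sign_authn_request?) && @metadata.sign_authn_request?
  end

  # Unified predicate from the issue: either source can turn validation on,
  # neither source can turn it off.
  def either_requires?
    attribute_only? || metadata_only?
  end

  # Assumed alternative reading: an explicitly set attribute wins over metadata,
  # so validate_signature: false disables a check the metadata asks for.
  def explicit_attribute_wins?
    @attributes[:validate_signature].nil? ? metadata_only? : attribute_only?
  end
end

# Constructed inputs: attribute true/false/unset, metadata true/false/absent.
def decision_table
  [true, false, nil].product([true, false, :none]).map do |attr, meta|
    metadata = meta == :none ? Object.new : ToyMetadata.new(meta)
    sp = ToyServiceProvider.new({ validate_signature: attr }, metadata)
    { attr: attr, meta: meta, by_attr: sp.attribute_only?, by_meta: sp.metadata_only?,
      either: sp.either_requires?, override: sp.explicit_attribute_wins? }
  end
end

# Configurations where the two existing paths give different answers.
def split_decisions = decision_table.select { |r| r[:by_attr] != r[:by_meta] }
# Configurations where the override reading skips a check the || form enforces.
def downgrades = decision_table.select { |r| r[:either] && !r[:override] }
```

Four of the nine combinations make the two paths disagree, and the only case where the readings of "override" differ is `validate_signature: false` with metadata that asks for signed requests, which is the case to pin down in a spec before unifying the checks.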