django-auth-adfs icon indicating copy to clipboard operation
django-auth-adfs copied to clipboard

Published 20 hours ago verified publisher icon snok

`ProviderConfig._load_federation_metadata` loads expired certificates

Open erfaan opened this issue 1 year ago • 1 comments

The ADFS Server 2012 R2 configuration looks like this: Screenshot 2024-05-21 at 5 10 21 PM

Please note that the first certificate is active whereas the second one is expired.

The Federation metadata lists both certificates under fed:SecurityTokenServiceType.

Following code loads all certificates including the expired one.

https://github.com/snok/django-auth-adfs/blob/378f14129d774ac035804e09f7b6a1b3f5a3f71f/django_auth_adfs/config.py#L295-L304

This causes the callback to fail with "Signature verification failed" error.

erfaan avatar May 21 '24 21:05 erfaan