tngan
tngan
@coreypmurphy You can ask your ADFS team to check the signing order first. Either it can be changed on their side or you could set the option in order to...
@SJAnderson Please send an email to [email protected] in order to get rid of private stuffs. I will update this thread if we find out the issue.
Looks like the xpath of signature node varies with different IDP. I need to check it right the way. From the schema we have right now, the Signature node must...
@gingerwizard Yes, we don't check it right now, we just extract the essential information from the response, and delegate the checking process to user side now, we only provide decryption...
@damionvega Please try out the latest v2.8.2 with patches. v2.8.0 and v2.8.1 has import issue after upgrading some dependencies. If the problem still exists, can you export the idp metadata...
@damionvega We have `elementsOrder` options in SP metadata. See if we wanna add one more for identity provider construction.
@damionvega No need. v3 is planned to release early next year.
WIP Specification and progress https://www.craft.do/s/yrWIQbmVtCHARh
@yahyajamali53 Please double check if the raw response (xml) has the assertion section, and also double check the xpath of assertion.
The decrypted response is using `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` but signing only response is taking `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`. However, I think this is not the cause, samlify doesn't manipulate the response, the one you decrypted...