FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    SAML SSO Service Provider Sign Requests set to False in Metadata URL

    Scheduled Pinned Locked Moved
    General Discussion
    0
    2
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 4
      48yogen
      last edited by

      Hi, we are trying to use the AuthnRequests signed using redirect but facing an issue with XML metadata files returned by FusionAuth (FusionAuth metadata url) which is sent forward to IdP. We are currently using the latest version 1.22.2

      As per my understanding, the XML provided by the "Metadata URL" should contain the X.509 signature, and AuthnRequestsSigned should be set to "true".

      Below is a snippet from the XML metadata when "Sign Requests" is set to true.

      <ns2:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      1 Reply Last reply Reply Quote 1
      • robotdanR
        robotdan
        last edited by

        This looks to be a bug. Tracking here: https://github.com/FusionAuth/fusionauth-issues/issues/1067

        Thanks for letting us know.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post