Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing exported function BuildAuthURLWithRedirect #98

Open
TheGreatAbyss opened this issue Oct 31, 2022 · 1 comment
Open

Missing exported function BuildAuthURLWithRedirect #98

TheGreatAbyss opened this issue Oct 31, 2022 · 1 comment

Comments

@TheGreatAbyss
Copy link

Hello thank you for this Library!

I need to use this library with PingOne and with signed authentication requests. There is currently no exported function to build an Auth URL with the HTTP Redirect Binding.

The current function BuildAuthURL calls the function BuildAuthURLFromDocument which has this singular line of code:

return sp.buildAuthURLFromDocument(relayState, BindingHttpPost, doc)

Unless this is a bug and it's supposed to call BindingHttpRedirect, the library appears to be missing the exported function BuildAuthURLWithRedirect

I have a PR in my personal Git with the requested changes: https://github.com/TheGreatAbyss/gosaml2/pull/1/files

If you would grant me access to the repo I'd be happy to push a branch and open a MR.

Thank You
-- Eric

@landron
Copy link

landron commented Oct 31, 2023

Azure (Microsoft Entra ID) also needs this if "Verification certificates" is active: "AADSTS76022: Cannot verify the signature of received authentication request since there is no certificate for verification configured in the application."

This issue says that the equivalent of BuildAuthURL is missing:

buildAuthURLWithRedirect := func(sp *saml.SAMLServiceProvider, relayState string) (string, error) {
  doc, err := sp.BuildAuthRequestDocument()
  if err != nil {
    return "", err
  }
  return sp.BuildAuthURLRedirect(relayState, doc)
}

Because of using BindingHttpRedirect instead of BindingHttpPost, this function call will add SigAlg= and Signature= query parameters next to SAMLRequest=.
(Personally, I would have them added all the time).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants