AuthnRequest Subject MUST NOT contain SubjectConfirmation #561
Comments
@Udachin Thanks for sharing this, I will need to research. I think my doubts came from this reference: 3.4.1 Element
And also for the fact that the XSD allows it
AuthnRequest is not the resulting assertion
4.1.4.1 in http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf says only about Web Browser SSO Profile, so probably (not sure) in other profiles it's allowed to use this tag and therefore it exists in the XSD. https://github.com/SAML-Toolkits/php-saml/blob/4.0.0/README.md
AuthnRequest::__construct with provided $nameIdValueReq adds SubjectConfirmation, but according to the SAML documentation this element (SubjectConfirmation) MUST NOT contain any elements.
Link to SAML documentation: http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
Quote from SAML documentation:
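A check for the condition in this issue's title, as an added example that is not php-saml code and not part of the original thread: it parses a serialized AuthnRequest and reports any `SubjectConfirmation` found inside `Subject`. The function name and both sample requests are constructed for illustration.

```php
<?php
// Added example (not php-saml code). All names here are hypothetical helpers.
const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';
const SAML_NS  = 'urn:oasis:names:tc:SAML:2.0:assertion';

/** Returns findings for a serialized AuthnRequest; an empty array means the check passed. */
function checkAuthnRequestSubject(string $xml): array
{
    if ($xml === '') {
        return ['empty document'];
    }
    libxml_use_internal_errors(true);           // collect parse errors instead of emitting warnings
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {    // LIBXML_NONET: no network access while parsing
        return ['not well-formed XML'];
    }
    $root = $doc->documentElement;
    if ($root->namespaceURI !== SAMLP_NS || $root->localName !== 'AuthnRequest') {
        return ['root element is not samlp:AuthnRequest'];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', SAMLP_NS);
    $xp->registerNamespace('saml', SAML_NS);

    $findings = [];
    // Match by namespace URI, so the result does not depend on the prefixes the sender chose.
    foreach ($xp->query('/samlp:AuthnRequest/saml:Subject/saml:SubjectConfirmation') as $sc) {
        $findings[] = 'Subject contains SubjectConfirmation, Method="' . $sc->getAttribute('Method') . '"';
    }
    return $findings;
}

// Constructed sample requests (IDs, NameID value and Method are made up for illustration).
$head = '<samlp:AuthnRequest xmlns:samlp="' . SAMLP_NS . '" xmlns:saml="' . SAML_NS . '"'
      . ' ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
      . '<saml:Subject><saml:NameID>user@example.com</saml:NameID>';
$tail = '</saml:Subject></samlp:AuthnRequest>';

$samples = [
    'with SubjectConfirmation' => $head
        . '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>' . $tail,
    'NameID only' => $head . $tail,
];

foreach ($samples as $label => $xml) {
    $findings = checkAuthnRequestSubject($xml);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'ok', PHP_EOL;
}
```

The check applies to requests sent under the Web Browser SSO Profile (section 4.1.4.1 of the profiles document linked above); as one comment in this thread notes, the schema itself permits the element.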