'Signature is invalid' error when logging out #167

Closed
thanos982 opened this issue Feb 22, 2021 · 3 comments

@thanos982

I'm trying to get logging out to work and I get a Signature invalid error.

There is a signature in the XML of the service provider metadata, but the XML file doesn't seem to be loaded at all.
This is relevant to Issue #71 where the metadata persister is never called, hence the settings are never cached.

I tried to fix this manually but I ran into several issues, mainly to do with the metadata_persister example method that's provided in the config file:

  • File.open Rails.root.join("cache/saml/metadata/#{fname}"), "wb" throws an error about the file being non-existent
  • settings.to_h (where settings is an IncomingMetadata object) throws an error too.

Is there any workaround to this? How did anyone else get logging out to work?

@thanos982 changed the title from "Signature is invalid when logging out" to "'Signature is invalid' error when logging out" on Feb 23, 2021
@Zogoo
Collaborator

Zogoo commented Feb 24, 2021

@thanos982
Thanks for your cooperation with this gem. I need to clarify what your expected result is.
I understand the following situation from your description. If you think I have misunderstood, please feel free to correct it.

  1. You have an XML metadata file of SP.
  2. And you are trying to do SLO (single logout).
  3. And you already have the SP configuration, like mentioned in our README and Wiki.

And you are expecting the gem to load your XML file and configure the SP config for your SP service?

If possible, can you share your SP config hash with us here? I think masking your secret information might allow you or your team to share your SP config as a comment.

@thanos982
Author

thanos982 commented Mar 3, 2021

Thank you Zogoo.

I'm still not sure how and when the metadata_persister method is used, but I figured out that the URL of the metadata file in my SP config was wrong, that's why I couldn't get it to work.

@Zogoo
Collaborator

Zogoo commented Apr 1, 2021

@thanos982
Personally, I would not suggest using the SP metadata persister if your SP is a 3rd-party service or communication is over the internet.
Or also if your SP doesn't change the metadata content so often.
This is because SP metadata content from a URL might be dangerous, especially if your SP metadata URL is not protected by any authentication.
I would suggest using raw XML data and parsing it with SamlIdp::IncomingMetadata.new(sp_raw_metadata).
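
An added example (not part of the thread and not code from the gem): one way to follow the raw-XML suggestion above, and to avoid the missing-file error from the opening post, is to keep a reviewed copy of the SP metadata on disk, pin its SHA-256, and refuse to load it once it no longer matches. The helper names, the error class, the paths and the sample metadata are assumptions made for this example.

```ruby
require "digest"
require "fileutils"

# Constructed SP metadata for illustration; the entityID and URLs are made up.
SAMPLE_SP_METADATA = <<~XML
  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       entityID="https://sp.example.test/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/slo"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
XML

# Hypothetical error class raised when the stored copy no longer matches its pin.
class MetadataPinError < StandardError; end

# Hypothetical helper: store a reviewed copy of the SP metadata and return
# [path, sha256_pin]. The directory is created first because File.open in
# "wb" mode raises Errno::ENOENT when the parent directory is missing.
def store_vetted_metadata(dir, fname, raw_xml)
  FileUtils.mkdir_p(dir)
  # File.basename drops any directory components from fname.
  path = File.join(dir, File.basename(fname))
  tmp = "#{path}.tmp"
  File.open(tmp, "wb") { |f| f.write(raw_xml) }
  File.rename(tmp, path) # atomic replace: readers never see a partial file
  [path, Digest::SHA256.hexdigest(raw_xml)]
end

# Hypothetical helper: return the raw XML only if it still matches the pin
# recorded at review time; otherwise refuse to configure the SP from it.
def load_pinned_metadata(path, pinned_sha256)
  raw = File.binread(path)
  actual = Digest::SHA256.hexdigest(raw)
  unless actual == pinned_sha256.downcase
    raise MetadataPinError, "SP metadata #{path} changed: sha256 #{actual}"
  end
  raw # pass this to SamlIdp::IncomingMetadata.new(raw), the call named above
end
```

The pin belongs in configuration that is reviewed together with the metadata file, so a change to either one is visible in the same review.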
