saml-idp · Zogoo · Jan 4, 2024 · Dec 21, 2023 · Dec 21, 2023
diff --git a/lib/saml_idp/controller.rb b/lib/saml_idp/controller.rb
@@ -81,8 +81,8 @@ def encode_authn_response(principal, opts = {})
         session_expiry,
         name_id_formats_opts,
         asserted_attributes_opts,
-        signed_assertion_opts,
         signed_message_opts,
+        signed_assertion_opts,
         compress_opts
       ).build
     end

diff --git a/spec/lib/saml_idp/controller_spec.rb b/spec/lib/saml_idp/controller_spec.rb
@@ -91,6 +91,12 @@ def params
         expect(response.issuer).to eq("http://example.com")
       end
 
+      it "should by default create a SAML Response with a signed assertion" do
+        saml_response = encode_response(principal)
+        response = OneLogin::RubySaml::Response.new(saml_response)
+        response.settings = saml_settings("https://foo.example.com/saml/consume", true)
+        expect(response.is_valid?).to be_truthy
+      end
 
       [:sha1, :sha256, :sha384, :sha512].each do |algorithm_name|
         it "should create a SAML Response using the #{algorithm_name} algorithm" do

diff --git a/spec/support/saml_request_macros.rb b/spec/support/saml_request_macros.rb
@@ -40,7 +40,8 @@ def add_securty_options(settings, authn_requests_signed: true,
                                     logout_requests_signed: true, 
                                     logout_responses_signed: true,
                                     digest_method: XMLSecurity::Document::SHA256,
-                                    signature_method: XMLSecurity::Document::RSA_SHA256)
+                                    signature_method: XMLSecurity::Document::RSA_SHA256,
+                                    assertions_signed: true)
     # Security section
     settings.idp_cert = SamlIdp::Default::X509_CERTIFICATE
     # Signed embedded singature
@@ -51,6 +52,7 @@ def add_securty_options(settings, authn_requests_signed: true,
     settings.security[:metadata_signed] = digest_method
     settings.security[:digest_method] = digest_method
     settings.security[:signature_method] = signature_method
+    settings.security[:want_assertions_signed] = assertions_signed
     settings.private_key = sp_pv_key
     settings.certificate = sp_x509_cert
   end