  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-38254

Problem to send signed AuthnRequest messages

    Details

      Description

      I would like to enable signed AuthnRequest messages for the SAML Portlet. I've already set the saml.sp.sign.authn.request property in portal-ext.properties to true and the http://localhost:8080/c/portal/saml/metadata metadata correctly shows <md:SPSSODescriptor AuthnRequestsSigned="true" ...

      However, the sent AuthnRequest is still not being signed. I already debugged and found out that the outboundSAMLMessageSigningCredential in the samlMessageContext is correctly set. I think one reason for this problem is that when I click on the Sign In link, the HTTP-Redirect Binding is used which obviously does not support signatures because of the limited URL length.

      Hence, I've set the IDP metadata to HTTP-POST in order to force Liferay to use POST binding. However, I get an Exception when I click on Sign In because LR wants to use HTTP-Redirect and this is not allowed anymore due to this changed config. So, on one hand, there seems to be no support for HTTP-POST binding for AuthnRequest yet. But on the other hand, there is this saml.sp.sign.authn.request property which should enable AuthnRequest signing.

      Best Regards from UBL, Neu-Isenburg, Germany.
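
      A check for what the SP actually sends, as an added example that is not part of the original report or of Liferay's code: in the SAML 2.0 HTTP-Redirect binding a signature is carried in the SigAlg and Signature query parameters rather than inside the XML, so a captured redirect URL can be inspected for them. The endpoint, RelayState, request XML and signature value below are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample values (assumptions, not taken from the report).
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_constructed1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z"/>')
SIG_ALG = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
FAKE_SIGNATURE = "Y29uc3RydWN0ZWQ="  # placeholder bytes, not a real signature

def encode_redirect(xml):
    """Raw DEFLATE (no zlib header) then base64, as the HTTP-Redirect binding encodes."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def build_url(signed):
    """Build a constructed redirect URL, with or without the signature parameters."""
    q = "SAMLRequest=" + quote(encode_redirect(SAMPLE_XML), safe="")
    q += "&RelayState=" + quote("/web/guest", safe="")
    if signed:
        q += "&SigAlg=" + quote(SIG_ALG, safe="")
        q += "&Signature=" + quote(FAKE_SIGNATURE, safe="")
    return "https://idp.example.test/sso?" + q

def inspect_redirect(url):
    """Report whether the AuthnRequest in a redirect URL carries a signature."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "SAMLRequest" not in q:
        raise ValueError("no SAMLRequest parameter")
    xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15).decode()
    return {
        "xml": xml,
        "sig_alg": q.get("SigAlg", [None])[0],
        # Redirect binding: the signature lives in the query string, not in the XML.
        "query_signature": bool(q.get("SigAlg", [""])[0] and q.get("Signature", [""])[0]),
        # Heuristic: an embedded ds:Signature is the POST-binding form.
        "enveloped_signature": "http://www.w3.org/2000/09/xmldsig#" in xml,
    }

def signed_octets(url):
    """Return the exact URL-encoded string the Signature parameter is computed over."""
    parts = {p.split("=", 1)[0]: p for p in urlsplit(url).query.split("&")}
    return "&".join(parts[k] for k in ("SAMLRequest", "RelayState", "SigAlg") if k in parts)

if __name__ == "__main__":
    for label, url in (("unsigned", build_url(False)), ("signed", build_url(True))):
        info = inspect_redirect(url)
        print(label, info["query_signature"], info["sig_alg"])
```

      The signature itself has to be verified against `signed_octets(url)` exactly as received, because re-encoding the parameters can change the bytes.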


                Packages

                Version Package
                6.1.X EE
                6.2.0 CE B1