AlexanderKalavitis-3968 asked:

ADFS idpinitiatedsignon SAML assertion not signed

I am trying to extract SAMLResponse assertion via https://<adfs_domain>/adfs/ls/idpinitiatedsignon using a webview. The problem is that the SAMLResponse assertion is not signed and the signature is not included inside the assertion.

As a result I cannot validate the SAML assertion. We have configured ADFS with an ADFS signing cert since it is an IDP initiated flow.

Also we set the following property in ADFS: SamlResponseSignature = AssertionOnly

See attached for SAMLResponse.xml


adfs
samlresponse.xml (2.1 KiB)

I can't repro this in my lab. What version of ADFS are you using?
Any error or warning in the ADFS Admin logs?

Also, is that the exact copy of the token? It seems that the sections are in a different order than usual.

0 Answers
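
An added example, not part of the original thread: a diagnostic that decodes a base64 SAMLResponse and reports whether an enveloped `ds:Signature` sits on the Response, on each Assertion, or on neither, and whether its Reference URI points at the enclosing element's ID. It only locates signatures and does no cryptographic verification; the function names, the `adfs.example.test` issuer and the sample documents are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def describe(element):
    """Look for an enveloped ds:Signature that is a direct child of element."""
    sig = element.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    elem_id = element.get("ID")
    return {
        "id": elem_id,
        "signature_present": sig is not None,
        # The Reference URI must point at the enclosing element's own ID;
        # a signature that covers some other element says nothing about this one.
        "reference_matches_id": ref is not None and elem_id is not None
                                and ref.get("URI") == "#" + elem_id,
    }

def signature_placement(saml_response_b64):
    """Report where signatures sit in a base64-encoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    return {
        "response": describe(root),
        "assertions": [describe(a) for a in root.findall("saml:Assertion", NS)],
        # Encrypted assertions hide their signature until decrypted.
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def sample_response(signed):
    """Constructed sample data, not the poster's attachment."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
           '<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>') if signed else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1">'
           '<saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>'
           '<saml:Assertion ID="_a1"><saml:Issuer>x</saml:Issuer>%s</saml:Assertion>'
           '</samlp:Response>') % (NS["samlp"], NS["saml"], NS["ds"], sig)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for label, signed in (("unsigned", False), ("assertion-signed", True)):
        print(label, signature_placement(sample_response(signed)))
```
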