ADFS IdP-initiated SSO logs in without validating the IdP signature

Hi,

I have purchased the ComponentSpace API and implemented SAML 2.0 in our ASP.NET application. I am able to log in to the application using SP-initiated and IdP-initiated SSO successfully. I have followed the settings below in Active Directory to make it work.
https://www.componentspace.com/Forums/39/ADFS-SAML-SSO-ADFS-as-the-Identity-ProviderClaims-Provider

Then I removed the signature from Active Directory as shown in the picture below. I am still able to log in with IdP-initiated login. It should not let us log in after deleting the signature. This shows that the application is failing to validate the signature.
Are there any settings or parameters I am missing in the SAML configuration? Please help me resolve this issue.

Regards,
Sundar

Hi Sundar,

The Signature tab in the relying party’s properties refers to the SP certificate that’s used to verify signatures on messages received from the SP.

If no certificate is configured under the Signature tab, ADFS doesn’t expect the SAML authn request sent by the SP to be signed. Any signature that is included is ignored. SAML SSO will continue to work.

The SAML assertion sent to the SP is signed using ADFS’s private key. This is not part of the relying party configuration.

If you want to confirm the SAML assertion signature is being verified correctly, change the partner identity provider’s certificate in your SAML configuration (e.g. saml.config) to something like the sp.cer that we ship. SSO should fail as the signature won’t verify.
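The test suggested in the reply, modelled in code as an added example (this is not ComponentSpace code and does not use its API). It assumes a simplified signature scheme: the IdP signs the raw assertion bytes with RSA PKCS#1 v1.5 over SHA-256, rather than full XML-DSig with canonicalization and reference digests, and the certificates, the assertion text and the names `adfs.example.test` / `sp.example.test` are constructed here. The SP-side check succeeds only with the real IdP certificate; swapping in an unrelated certificate (the sp.cer stand-in) or tampering with the assertion makes verification fail, which is exactly the behaviour the reply says to confirm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert creates a throwaway self-signed certificate for one party
// (constructed for this example; a real deployment uses the ADFS token-signing
// certificate exported from the IdP).
func selfSignedCert(cn string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return key, cert, nil
}

// signAssertion is the IdP side: sign the assertion with the IdP's private key.
func signAssertion(idpKey *rsa.PrivateKey, assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, idpKey, crypto.SHA256, digest[:])
}

// verifyAssertion is the SP side: verify against whatever partner IdP
// certificate the SP has configured (the saml.config setting in the reply).
func verifyAssertion(partnerCert *x509.Certificate, assertion, sig []byte) error {
	pub, ok := partnerCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("partner certificate does not carry an RSA public key")
	}
	digest := sha256.Sum256(assertion)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// CheckResult records the three outcomes a correctly verifying SP must show.
type CheckResult struct {
	ValidWithIdpCert   bool // genuine assertion, correct partner certificate
	ValidWithWrongCert bool // genuine assertion, unrelated certificate (sp.cer stand-in)
	ValidAfterTamper   bool // modified assertion, correct partner certificate
}

// RunCheck performs the reply's test: verification must pass only in the first case.
func RunCheck() (CheckResult, error) {
	var r CheckResult
	idpKey, idpCert, err := selfSignedCert("adfs.example.test")
	if err != nil {
		return r, err
	}
	_, spCert, err := selfSignedCert("sp.example.test")
	if err != nil {
		return r, err
	}
	// Constructed stand-in for the assertion XML the IdP would issue.
	assertion := []byte(`<saml:Assertion ID="_c1"><saml:Subject>sundar</saml:Subject></saml:Assertion>`)
	sig, err := signAssertion(idpKey, assertion)
	if err != nil {
		return r, err
	}
	r.ValidWithIdpCert = verifyAssertion(idpCert, assertion, sig) == nil
	r.ValidWithWrongCert = verifyAssertion(spCert, assertion, sig) == nil
	tampered := []byte(`<saml:Assertion ID="_c1"><saml:Subject>admin</saml:Subject></saml:Assertion>`)
	r.ValidAfterTamper = verifyAssertion(idpCert, tampered, sig) == nil
	return r, nil
}

func main() {
	r, err := RunCheck()
	if err != nil {
		panic(err)
	}
	fmt.Printf("IdP cert: %v, wrong cert: %v, tampered: %v\n",
		r.ValidWithIdpCert, r.ValidWithWrongCert, r.ValidAfterTamper)
}
```

The point the reply makes is that removing the SP certificate from the relying party's Signature tab changes nothing on this path: that certificate is used by ADFS to check the SP's authn request, while the assertion is verified by the SP against the partner IdP certificate it holds. Only the second configuration decides whether `ValidWithWrongCert` stays false in production.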