SP metadata generated by the latest python3-saml 1.4.0 cannot be imported into ADFS

Comments


    Sixto Garcia

    It was added here:
    https://github.com/onelogin/python3-saml/pull/78

    It fixes a bug in the signature position. The right signed metadata scheme is:

    <md:EntityDescriptor entityID="https://sp.example.com/SAML2" validUntil="2013-03-22T23:00:00Z"
        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <!-- insert ds:Signature element -->
        <!-- insert md:SPSSODescriptor element -->
        <md:Organization>
          <md:OrganizationName xml:lang="en">Some Commercial Vendor of California</md:OrganizationName>
          <md:OrganizationDisplayName xml:lang="en">Some Commercial Vendor</md:OrganizationDisplayName>
          <md:OrganizationURL xml:lang="en">https://www.example.com/</md:OrganizationURL>
        </md:Organization>
        <md:ContactPerson contactType="technical">
          <md:SurName>SAML Technical Support</md:SurName>
          <md:EmailAddress>mailto:saml-support@example.com</md:EmailAddress>
        </md:ContactPerson>
    </md:EntityDescriptor>

    Reference:
    https://en.wikipedia.org/wiki/SAML_2.0#Service_Provider_Metadata


    You can verify that python3-saml generates this kind of SAML SP metadata.
    Can you review the ADFS logs? Maybe the metadata is rejected for another reason:
    - x509 certificate expiration
    - wrong x509 certificate
    - a different signature algorithm used

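The checks suggested in the comment (signature position, expiry, signing certificate, signature algorithm) can be run over a generated metadata file before it is handed to ADFS. The script below is an added example written for this page; it is not code from python3-saml or from the commenter. It uses only the Python standard library, so it inspects structure rather than cryptographically verifying the signature, and the sample documents it builds are constructed with dummy certificate and signature values. The function names (check_sp_metadata, build_metadata) and the sample entityID are assumptions made for the example.

```python
"""Structural pre-flight checks for signed SAML 2.0 SP metadata.

Added example for this thread, not python3-saml code. Standard library only:
no signature verification, just the layout/content mistakes an IdP import
is likely to reject.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MD = "{%s}" % NS["md"]
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
LEGACY_SIG_ALGS = {RSA_SHA1, "http://www.w3.org/2000/09/xmldsig#dsa-sha1"}

# Constructed dummy values; a real document carries base64 DER certificates
# and a real ds:SignatureValue.
CERT_A = "MIIBfakecertA=="
CERT_B = "MIIBfakecertB=="

SIGNATURE_TMPL = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    '<ds:SignatureMethod Algorithm="{alg}"/></ds:SignedInfo>'
    '<ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>'
    '<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature>')


def build_metadata(signature_first=True, alg=RSA_SHA256, sig_cert=CERT_A,
                   valid_until="2099-01-01T00:00:00Z"):
    """Constructed SP metadata mirroring the layout shown in the comment.

    signature_first=False reproduces the old bug (Signature after the role
    descriptor); the other parameters reproduce the other failure causes.
    """
    sig = SIGNATURE_TMPL.format(alg=alg, cert=sig_cert)
    sso = ('<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>'
           '</ds:KeyInfo></md:KeyDescriptor>'
           '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
           'Location="https://sp.example.com/acs" index="1"/></md:SPSSODescriptor>' % CERT_A)
    body = sig + sso if signature_first else sso + sig
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'entityID="https://sp.example.com/SAML2" validUntil="%s">%s</md:EntityDescriptor>'
            % (valid_until, body))


def _b64_normalize(text):
    """Drop whitespace so two copies of the same base64 certificate compare equal."""
    return "".join((text or "").split())


def check_sp_metadata(xml_text, now=None):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    now = now or dt.datetime.now(dt.timezone.utc)
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is %s, expected md:EntityDescriptor" % root.tag]

    # 1. ds:Signature must be the first child of md:EntityDescriptor
    #    (the placement bug the comment refers to).
    children = list(root)
    sig = root.find("ds:Signature", NS)
    if sig is None:
        findings.append("metadata is not signed (no ds:Signature child)")
    elif children[0] is not sig:
        findings.append("ds:Signature is child #%d of EntityDescriptor, must be first"
                        % (children.index(sig) + 1))

    # 2. An expired validUntil is rejected regardless of the signature.
    valid_until = root.get("validUntil")
    if valid_until:
        exp = dt.datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
        if exp.replace(tzinfo=dt.timezone.utc) <= now:
            findings.append("validUntil %s is in the past" % valid_until)

    if sig is not None:
        # 3. Report SHA-1 based signature algorithms as legacy so they can be
        #    compared against what the IdP is configured to accept.
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg is None:
            findings.append("ds:SignatureMethod missing")
        elif alg in LEGACY_SIG_ALGS:
            findings.append("legacy signature algorithm %s" % alg)

        # 4. The certificate in the signature's KeyInfo should be one of the
        #    SP's declared signing certificates ("wrong x509 certificate").
        sig_cert = _b64_normalize(
            sig.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS))
        kd_certs = {_b64_normalize(c.text)
                    for kd in root.findall("md:SPSSODescriptor/md:KeyDescriptor", NS)
                    if kd.get("use") in (None, "signing")
                    for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)}
        if sig_cert and kd_certs and sig_cert not in kd_certs:
            findings.append("certificate in ds:KeyInfo is not a declared signing certificate")
    return findings


if __name__ == "__main__":
    for label, doc in [("correct", build_metadata()),
                       ("signature last", build_metadata(signature_first=False))]:
        print(label, "->", check_sp_metadata(doc) or "OK")
```

To use it on real output, replace the constructed document with the file python3-saml generated (for example `check_sp_metadata(open("sp-metadata.xml").read())`). The script deliberately stops at structure: once the layout, expiry and certificate match, the remaining causes in the comment's list (the actual cryptographic validity of the signature, and whether ADFS accepts the chosen algorithm) are only answered by the ADFS event log.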
