This issue was created in response to an issue where an SP was misconfigured, but we didn't notice until we connected the SP to a different IdP and were puzzling over why the signature was suddenly broken.
I agree that OpenConext is not required to validate the signature (changed this to enhancement).
However, if an SP sends a signature anyway, this could be indicative of a misconfigured SP or, worse, an SP that expects request verification because it wants us to redirect to a different ACS or it wants to be used as an SP proxy (like Stepup Gateway), but we simply ignore it.
Somewhere there is a difference between what we expect the SP to send and what it actually sends. While I agree that we shouldn't break on it, ideally you'd inform the SP so it doesn't expect us to do something we don't.
At the very least this should trigger a log warning.
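
An added illustration of the check requested above, not part of the original issue and not OpenConext code: a Python sketch that detects a signed AuthnRequest on either binding and logs a warning when the IdP side does not verify it. The function names, the logger name and the `verification_enabled` flag are hypothetical, and the sample request is constructed.

```python
import base64
import logging
import xml.etree.ElementTree as ET
import zlib

log = logging.getLogger("idp.authnrequest")  # hypothetical logger name
DS_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
SAML_ISSUER = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"

# Constructed sample: a POST-binding AuthnRequest with an (empty) enveloped
# signature element. Entity ID and ACS URL are placeholders.
SAMPLE_POST = {"SAMLRequest": base64.b64encode(
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0"'
    b' AssertionConsumerServiceURL="https://sp.example.org/acs">'
    b'<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>'
    b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    b'</samlp:AuthnRequest>').decode()}


def parse_authn_request(binding, params):
    """Return (root element, signed?) for a received AuthnRequest."""
    raw = base64.b64decode(params["SAMLRequest"])
    if binding == "redirect":
        # HTTP-Redirect carries raw DEFLATE; cap the inflated size.
        raw = zlib.decompressobj(-15).decompress(raw, 65536)
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD in SAML message rejected")
    root = ET.fromstring(raw)
    if binding == "redirect":
        # Signature travels in the query string, not in the XML.
        signed = "Signature" in params and "SigAlg" in params
    else:
        signed = root.find(DS_SIGNATURE) is not None
    return root, signed


def warn_if_signature_ignored(binding, params, verification_enabled):
    """Log and return a warning when a signed request is not verified."""
    root, signed = parse_authn_request(binding, params)
    if not signed or verification_enabled:
        return None
    issuer = root.findtext(SAML_ISSUER, "unknown")
    msg = f"SP {issuer!r} sent a signed AuthnRequest ({binding}) that is not verified"
    acs = root.get("AssertionConsumerServiceURL")
    if acs:
        msg += f"; it also requests ACS URL {acs!r}"
    log.warning("%s", msg)
    return msg
```

The issuer and ACS URL in the message come from an unverified request, so they are logged with `repr()` and should be treated as untrusted when the log is read.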