SAML-Toolkits/php-saml

SubjectConfirmation validation not working

GrahamCampbell opened this issue · 2 comments

The following valid data is being rejected:

    <saml2:Subject>
      <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://samltest.id/saml/idp" SPNameQualifier="https://example.co/sso/saml2/223J5JXysUDoutRd1DHgmoYgVfk/metadata">KABUOZP2NMDOSU2L6ISHMEONVCFWVI2U</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData Address="81.102.133.168" InResponseTo="ONELOGIN_f08011d1c9d5cf2479c06d773709f124433f3541" NotOnOrAfter="2023-07-04T09:21:26.053Z" Recipient="https://example.com/sso/saml2/223J5JXysUDoutRd1DHgmoYgVfk/acs"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>

The issue seems to be that the library code only works with saml and not saml2, which is also allowed by the spec.

Seems to be an issue, even if saml2 is replaced with saml, actually.

@GrahamCampbell can you share what IdP you are using? What error do you get?
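As an added example (not part of this thread and not php-saml's code), this is a namespace-aware bearer SubjectConfirmation check using PHP's DOM extension. It matches elements by the assertion namespace URI, so the `saml` and `saml2` prefixes give the same result. The function name, the SP-initiated flow (InResponseTo required), the absence of clock-skew tolerance and all sample values are assumptions; it does not diagnose the failure reported above.

```php
<?php
// Added example, not php-saml code. Names and sample values are constructed.
const SAML_ASSERTION_NS = 'urn:oasis:names:tc:SAML:2.0:assertion';
const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';

// Returns [] when a bearer SubjectConfirmation passes, otherwise the reasons.
function checkBearerConfirmation(string $xml, string $acsUrl, string $requestId, int $now): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing untrusted XML.
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        return ['XML could not be parsed'];
    }
    $xpath = new DOMXPath($doc);
    // 'a' is local to this query object; nodes are matched by namespace URI,
    // so the document may use saml:, saml2: or any other prefix.
    $xpath->registerNamespace('a', SAML_ASSERTION_NS);
    $reasons = [];
    foreach ($xpath->query('//a:Subject/a:SubjectConfirmation') as $sc) {
        $data = $xpath->query('a:SubjectConfirmationData', $sc)->item(0);
        if ($sc->getAttribute('Method') !== CM_BEARER) {
            $reasons[] = 'Method is not bearer';
        } elseif ($data === null) {
            $reasons[] = 'SubjectConfirmationData is missing';
        } elseif ($data->getAttribute('Recipient') !== $acsUrl) {
            $reasons[] = 'Recipient does not match the ACS URL';
        } elseif ($data->getAttribute('InResponseTo') !== $requestId) {
            $reasons[] = 'InResponseTo does not match the AuthnRequest ID';
        } elseif (($t = strtotime($data->getAttribute('NotOnOrAfter'))) === false || $t <= $now) {
            $reasons[] = 'NotOnOrAfter is missing, unparsable or in the past';
        } else {
            return []; // one valid confirmation is enough
        }
    }
    return $reasons ?: ['No SubjectConfirmation found in the assertion namespace'];
}

// Constructed fragment; PFX is swapped for each prefix under test.
$template = '<PFX:Assertion xmlns:PFX="' . SAML_ASSERTION_NS . '"><PFX:Subject>'
    . '<PFX:SubjectConfirmation Method="' . CM_BEARER . '">'
    . '<PFX:SubjectConfirmationData InResponseTo="_req-constructed"'
    . ' NotOnOrAfter="2023-07-04T09:21:26.053Z" Recipient="https://sp.example.test/acs"/>'
    . '</PFX:SubjectConfirmation></PFX:Subject></PFX:Assertion>';
$now = strtotime('2023-07-04T09:20:00Z');
foreach (['saml', 'saml2'] as $prefix) {
    $xml = str_replace('PFX', $prefix, $template);
    $ok = checkBearerConfirmation($xml, 'https://sp.example.test/acs', '_req-constructed', $now);
    $bad = checkBearerConfirmation($xml, 'https://sp.example.test/other', '_req-constructed', $now);
    printf("%-5s match: %s | wrong ACS: %s\n", $prefix, json_encode($ok), json_encode($bad));
}
```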