Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

In saml2 LogoutRequest from RP doesn't contain KeyInfo #10438

Closed
surkoff-v opened this issue Oct 22, 2021 · 2 comments · Fixed by #10450
Closed

In saml2 LogoutRequest from RP doesn't contain KeyInfo #10438

surkoff-v opened this issue Oct 22, 2021 · 2 comments · Fixed by #10450
Assignees
@jzheaux @surkoff-v
Labels
in: saml2 An issue in SAML2 modules type: bug A general bug
Milestone
5.6.0

Comments

@surkoff-v
Copy link
Contributor

LogoutRequest initiated from RP doesn't contain KeyInfo section. The same was fixed in #9746 by @fhanik for AuthRequest and merged by @jzheaux in main but there are two versions of OpenSamlSigningUtils

org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils and org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils

The first one has signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager()) in resolveSigningParameters but the second hasn't. I checked 5.6.0-RC1.

Just adding the same signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager()) in resolveSigningParameters

and the same

private static NamedKeyInfoGeneratorManager buildSignatureKeyInfoGeneratorManager() { ... }

fixes the issue.
@surkoff-v surkoff-v added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Oct 22, 2021
@jzheaux
Copy link
Contributor

jzheaux commented Oct 26, 2021

Thanks, @surkoff-v, can you contribute a PR, including a test?

@jzheaux jzheaux added this to the 5.6.0 milestone Oct 26, 2021
@jzheaux jzheaux added in: saml2 An issue in SAML2 modules and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 26, 2021
@surkoff-v
Copy link
Contributor Author

Sure , I will prepare PR and test shortly

surkoff-v added a commit to surkoff-v/spring-security that referenced this issue Oct 28, 2021
@surkoff-v
Adding keyInfo section to LogoutRequest from RP side
d9834e0 
 Issue spring-projectsgh-10438
@surkoff-v surkoff-v mentioned this issue Oct 28, 2021
Merged
jzheaux pushed a commit that referenced this issue Oct 29, 2021
@surkoff-v @jzheaux
Adding keyInfo section to LogoutRequest from RP side
7330ec4 
 Issue gh-10438
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

@surkoff-v surkoff-v

Labels
in: saml2 An issue in SAML2 modules type: bug A general bug
Projects
None yet
Milestone
5.6.0
Development

Successfully merging a pull request may close this issue.

Adding keyInfo section to LogoutRequest from RP side surkoff-v/spring-security
2 participants
@jzheaux @surkoff-v