PicketLink / PLINK-778

Picketlink (version picketlink-impl-2.5.5.SP1-redhat-1, runtime environment) ignores EntityId configuration from picketlink.xml config file


Details

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major

    Description

      Picketlink (version picketlink-impl-2.5.5.SP1-redhat-1, runtime environment) ignores EntityId configuration from picketlink.xml config file.

      Due to this limitation, we have to create an individual SP configuration item on our IdP for each Assertion Consumer Service Location, instead of using one EntityID for multiple ACS URLs. This is inefficient and does not scale for our enterprise.

      picketlink.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
      <PicketLinkSP
      xmlns="urn:picketlink:identity-federation:config:2.1"
      EntityID="http://localhost:9080/XXX/"
      ServerEnvironment="tomcat"
      BindingType="POST"
      SupportsSignatures="true"
      CanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
      <!-- rest of the SP configuration not included in the report; closing tags added so the fragment is well-formed -->
      </PicketLinkSP>
      </PicketLink>

      SAML request sent by PicketLink (note that the Issuer carries the AssertionConsumerServiceURL rather than the configured EntityID):
      <?xml version="1.0" encoding="UTF-8"?>
      <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="http://vm98222216.sv.db.de/bpa/" Destination="https://sso.test.service.deutschebahn.com/saml/idp/profile/redirectorpost/sso" ForceAuthn="false" ID="ID_9068ecb8-4eb0-4e3b-9e9d-c49fb9b74f18" IsPassive="false" IssueInstant="2018-02-23T13:04:32.064Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://vm98222216.sv.db.de/bpa/</saml:Issuer>
      <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
      <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <dsig:Reference URI="#ID_9068ecb8-4eb0-4e3b-9e9d-c49fb9b74f18">
      <dsig:Transforms>
      <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </dsig:Transforms>
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <dsig:DigestValue>bBL...</dsig:DigestValue>
      </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>joHr...</dsig:SignatureValue>
      <dsig:KeyInfo>
      <dsig:KeyValue>
      <dsig:RSAKeyValue>
      <dsig:Modulus>sheLQP...</dsig:Modulus>
      <dsig:Exponent>AQAB</dsig:Exponent>
      </dsig:RSAKeyValue>
      </dsig:KeyValue>
      </dsig:KeyInfo>
      </dsig:Signature>
      <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
      </samlp:AuthnRequest>
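      The comparison this report turns on, what the SP sends in <saml:Issuer> versus the EntityID in picketlink.xml, as an added example (my code, not PicketLink's and not the reporter's tooling). It reads the EntityID from a config fragment, inspects an AuthnRequest, and reports whether the Issuer matches the EntityID or has fallen back to the AssertionConsumerServiceURL, the symptom shown above. It also flags the rsa-sha1 / sha1 algorithms visible in the posted request, since SHA-1 based XML signatures are deprecated. The config and requests below are constructed fixtures with placeholder hostnames (sp.example.test, idp.example.test) and elided signature values, not the reporter's data.

```python
"""Report which SAML entity identifier an SP actually puts in its AuthnRequest.

Added example, not PicketLink code. Compares <saml:Issuer> against the
EntityID configured in picketlink.xml and flags SHA-1 signature algorithms.
"""
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

NS_CFG = "urn:picketlink:identity-federation:config:2.1"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS_DSIG = "http://www.w3.org/2000/09/xmldsig#"

RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA1_ALGORITHMS = {RSA_SHA1, SHA1}

# Constructed config fixture: same attributes as the report, placeholder URLs,
# closed elements. Only EntityID is read by the checker below.
PICKETLINK_XML = """<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
      EntityID="http://localhost:9080/XXX/"
      ServerEnvironment="tomcat"
      BindingType="POST"
      SupportsSignatures="true"
      CanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
    <IdentityURL>https://idp.example.test/saml/sso</IdentityURL>
    <ServiceURL>http://sp.example.test/bpa/</ServiceURL>
  </PicketLinkSP>
</PicketLink>
"""


def build_authn_request(issuer: str, acs_url: str, sig_alg: str, digest_alg: str) -> str:
    """Constructed AuthnRequest fixture shaped like the one in the report.
    Signature/digest values are elided, so it is not a validly signed message."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    AssertionConsumerServiceURL="{acs_url}"
    Destination="https://idp.example.test/saml/sso"
    ID="ID_example-request" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{issuer}</saml:Issuer>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:SignatureMethod Algorithm="{sig_alg}"/>
      <dsig:Reference URI="#ID_example-request">
        <dsig:DigestMethod Algorithm="{digest_alg}"/>
      </dsig:Reference>
    </dsig:SignedInfo>
  </dsig:Signature>
</samlp:AuthnRequest>"""


def configured_entity_id(config_xml: str) -> Optional[str]:
    """EntityID attribute of <PicketLinkSP>, or None if absent."""
    sp = ET.fromstring(config_xml).find(f"{{{NS_CFG}}}PicketLinkSP")
    return None if sp is None else sp.get("EntityID")


def check_request(config_xml: str, authn_request_xml: str) -> Dict[str, object]:
    """Compare the request's Issuer with the configured EntityID and the ACS URL,
    and list the signature/digest algorithms used."""
    entity_id = configured_entity_id(config_xml)
    req = ET.fromstring(authn_request_xml)
    issuer_el = req.find(f"{{{NS_SAML}}}Issuer")
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    acs = req.get("AssertionConsumerServiceURL")
    algs = [el.get("Algorithm") for el in (req.find(f".//{{{NS_DSIG}}}SignatureMethod"),
                                           req.find(f".//{{{NS_DSIG}}}DigestMethod"))
            if el is not None]

    findings: List[str] = []
    if issuer is None:
        findings.append("AuthnRequest has no Issuer; the IdP cannot map it to an SP entry")
    elif issuer != entity_id:
        findings.append(f"Issuer {issuer!r} differs from configured EntityID {entity_id!r}")
    if issuer is not None and issuer == acs:
        findings.append("Issuer equals AssertionConsumerServiceURL: EntityID ignored, "
                        "so the IdP needs one SP entry per ACS URL")
    for alg in algs:
        if alg in SHA1_ALGORITHMS:
            findings.append(f"SHA-1 based algorithm {alg}; prefer RSA-SHA256 / SHA-256")
    return {
        "entity_id": entity_id, "issuer": issuer, "acs_url": acs, "algorithms": algs,
        "issuer_matches_entity_id": issuer is not None and issuer == entity_id,
        "issuer_equals_acs": issuer is not None and issuer == acs,
        "findings": findings,
    }


if __name__ == "__main__":
    acs = "http://sp.example.test/bpa/"
    cases = {
        "as reported": build_authn_request(acs, acs, RSA_SHA1, SHA1),
        "expected": build_authn_request("http://localhost:9080/XXX/", acs, RSA_SHA256, SHA256),
    }
    for label, request_xml in cases.items():
        result = check_request(PICKETLINK_XML, request_xml)
        print(f"{label}: Issuer={result['issuer']} EntityID={result['entity_id']}")
        for finding in result["findings"]:
            print("  -", finding)
```

      Run against a real deployment by replacing the two fixtures with the SP's picketlink.xml and a captured, base64-decoded AuthnRequest; the IdP-side workaround described in the report is needed exactly when issuer_equals_acs comes back True.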

          People

            psilva@redhat.com Pedro Igor Craveiro
            ag1237 Andreas Gilbert (Inactive)