The DDF SAML Implementation
Issue | Section | Specification Snippet |
---|---|---|
Does not respond with a SAML error response carrying a top-level status code, but throws an exception instead. | Core 3.4.1.4 | If the responder is unable to authenticate the presenter or does not recognize the requested subject, or if prevented from providing an assertion by policies in effect at the identity provider (for example the intended subject has prohibited the identity provider from providing assertions to the relying party), then it MUST return a `<Response>` with an error `<Status>`. |
When the IdP is issuing LogoutRequests to SPs, the NameID is missing all of its XML attributes. | Profiles 4.4.4.1 | The principal MUST be identified in the request using an identifier that strongly matches the identifier in the authentication assertion the requester issued or received regarding the session being terminated, per the matching rules defined in Section 3.3.4 of SAMLCore. |
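Both findings in the table are easy to check mechanically, so here is an added example (not DDF or samlconf code) that shows what a conforming responder and a strict SP-side check look like. `build_error_response` returns a `<samlp:Response>` whose top-level `<Status>` carries an error code, which is what Core 3.4.1.4 requires in place of an escaped exception; `strongly_matches` compares the `<NameID>` of a LogoutRequest against the one in the original assertion, which is how an SP (or a conformance test) would notice that a LogoutRequest stripped of its NameID attributes does not strongly match. The assertion and LogoutRequest fragments, the issuer URLs and the ID/IssueInstant values are constructed placeholders, and the comparison treats an attribute that is present on one side but absent on the other as a mismatch, which is the conservative reading of the Section 3.3.4 rules.

```python
# Added example; not part of DDF or the samlconf test kit.
# Note: xml.etree does no hardening against entity-expansion attacks; parse
# untrusted SAML with defusedxml (or an equivalent) in a real SP or IdP.
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
ET.register_namespace("saml", NS["saml"])
ET.register_namespace("samlp", NS["samlp"])

STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester"
# SAML Core: a <NameID> with no Format attribute is treated as "unspecified".
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def build_error_response(in_response_to, issuer, status_code, message):
    """Return a <samlp:Response> with a top-level error <Status> (Core 3.4.1.4)
    instead of letting an exception escape to the caller."""
    resp = ET.Element(f"{{{NS['samlp']}}}Response", {
        "ID": "_placeholder-response-id",        # would be random in practice
        "Version": "2.0",
        "IssueInstant": "2000-01-01T00:00:00Z",  # placeholder timestamp
        "InResponseTo": in_response_to,
    })
    ET.SubElement(resp, f"{{{NS['saml']}}}Issuer").text = issuer
    status = ET.SubElement(resp, f"{{{NS['samlp']}}}Status")
    ET.SubElement(status, f"{{{NS['samlp']}}}StatusCode", {"Value": status_code})
    ET.SubElement(status, f"{{{NS['samlp']}}}StatusMessage").text = message
    return ET.tostring(resp, encoding="unicode")


def response_status(response_xml):
    """Extract the top-level StatusCode value from a <samlp:Response>."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    return None if code is None else code.get("Value")


def name_id_key(name_id):
    """Normalise a <NameID> into the tuple compared by strong matching:
    the value, the Format (defaulting to unspecified), and the qualifiers."""
    return (
        (name_id.text or "").strip(),
        name_id.get("Format", UNSPECIFIED),
        name_id.get("NameQualifier"),
        name_id.get("SPNameQualifier"),
        name_id.get("SPProvidedID"),
    )


def strongly_matches(assertion_xml, logout_request_xml):
    """True if the LogoutRequest's NameID strongly matches the assertion's."""
    assertion_id = ET.fromstring(assertion_xml).find("saml:Subject/saml:NameID", NS)
    request_id = ET.fromstring(logout_request_xml).find("saml:NameID", NS)
    if assertion_id is None or request_id is None:
        return False
    return name_id_key(assertion_id) == name_id_key(request_id)


# Constructed sample messages (placeholder issuers and identifiers).
SAML_NS = 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
SAMLP_NS = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
NAME_ID_ATTRS = (
    'Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" '
    'NameQualifier="https://idp.example/" SPNameQualifier="https://sp.example/"'
)
ASSERTION = (
    f'<saml:Assertion {SAML_NS}><saml:Subject>'
    f'<saml:NameID {NAME_ID_ATTRS}>user-123</saml:NameID>'
    '</saml:Subject></saml:Assertion>'
)
# A LogoutRequest that carries the same NameID attributes as the assertion.
GOOD_LOGOUT = (
    f'<samlp:LogoutRequest {SAMLP_NS} {SAML_NS}>'
    f'<saml:NameID {NAME_ID_ATTRS}>user-123</saml:NameID></samlp:LogoutRequest>'
)
# A LogoutRequest whose NameID has lost all of its attributes (the finding above).
BAD_LOGOUT = (
    f'<samlp:LogoutRequest {SAMLP_NS} {SAML_NS}>'
    '<saml:NameID>user-123</saml:NameID></samlp:LogoutRequest>'
)

if __name__ == "__main__":
    print(build_error_response("_req-1", "https://idp.example/", STATUS_RESPONDER,
                               "unable to authenticate presenter"))
    print("good LogoutRequest matches:", strongly_matches(ASSERTION, GOOD_LOGOUT))
    print("stripped LogoutRequest matches:", strongly_matches(ASSERTION, BAD_LOGOUT))
```

Run as a script it prints the error Response followed by `True` and `False` for the two LogoutRequests; the second result is the observable symptom of the second table row, since an SP that applies the strong-matching rule cannot tie the stripped NameID back to the session it is being asked to terminate.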
- Start and install DDF.
  NOTE: If installing through the UI, the `users.attributes` file under `etc/` must be changed so that the admin email is `[email protected]` instead of `admin@localhost`.
- Copy the content of the `samlconf-sp-metadata.xml` file.
- On DDF, navigate to `AdminConsole -> Security -> Configuration -> IdPServer -> SP Metadata`.
- Paste the content as a new entry.
- If DDF's hostname and port were changed during installation (i.e. it is not on `https://localhost:8993/`):
  - Copy DDF's IdP metadata from `https://<hostname>:<port>/services/idp/login/metadata`.
  - Paste the content into the `ddf-idp-metadata.xml` file under `<samlconf>/implementations/ddf/ddf-idp-metadata.xml`, where `<samlconf>` is the root directory of the test kit distribution.
- Run the `samlconf` script under `deployment/distribution/build/install/samlconf/bin` with `-i ../implementations/ddf -l`.