ADFS IdP loads metadata of disabled SAML IdP #1564
Comments
Maybe I'm not understanding it right, but simply adding an if for the setting around the code you quote would do it?
It should. I did not test it yet. I will check later and create a PR.
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Describe the bug
ADFS IdPs load available SAML IdP metadata even though they are not enabled.
In combination with the install instructions provided in the documentation, which suggest copying the whole metadata-templates/ content to metadata/, probably erroneous configuration (in my case certificates not being available as saml20-idp-hosted.php expects) is loaded.
This will only interfere when using the created associationGroup, especially during SLO requests.
simplesamlphp/lib/SimpleSAML/IdP.php
Lines 94 to 100 in 43c1caf
To Reproduce
Steps to reproduce the behavior:
config/config.php:
adfs-idp-hosted.php (e.g. with customized certificate location)
saml20-idp-hosted.php not found)
Expected behavior
SAML IdP metadata should only be loaded if it has been enabled at all ('enable.saml20-idp' => true,).
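An added audit check for the situation this issue describes (not part of the original report and not SimpleSAMLphp code): it lists hosted-IdP metadata files left in metadata/ for protocols that config.php does not enable, which is what copying the whole metadata-templates/ directory produces. The `enable.adfs-idp` flag name, the flag-to-file mapping, the function names and the constructed sample layout are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed mapping from config.php flag to hosted-IdP metadata file.
# 'enable.saml20-idp' and both file names appear in the issue;
# 'enable.adfs-idp' is assumed to be the matching ADFS flag.
FLAG_TO_METADATA = {
    "enable.saml20-idp": "saml20-idp-hosted.php",
    "enable.adfs-idp": "adfs-idp-hosted.php",
}

# Matches uncommented lines such as:  'enable.saml20-idp' => true,
FLAG_RE = re.compile(
    r"""^\s*['"](enable\.[\w-]+)['"]\s*=>\s*(true|false)\b""", re.I | re.M
)

def enabled_flags(config_text):
    """Return {flag: bool} for every uncommented 'enable.*' => true/false line."""
    return {m.group(1): m.group(2).lower() == "true"
            for m in FLAG_RE.finditer(config_text)}

def stale_metadata(config_php, metadata_dir):
    """List hosted-IdP metadata files present for protocols that are not enabled."""
    flags = enabled_flags(Path(config_php).read_text())
    return sorted(
        name for flag, name in FLAG_TO_METADATA.items()
        if not flags.get(flag, False) and (Path(metadata_dir) / name).is_file()
    )

def demo():
    """Constructed layout: ADFS enabled, SAML 2.0 IdP disabled, both templates copied."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config").mkdir()
        (root / "metadata").mkdir()
        (root / "config" / "config.php").write_text(
            "<?php\n$config = [\n"
            "    'enable.saml20-idp' => false,\n"
            "    // 'enable.saml20-idp' => true,\n"
            "    'enable.adfs-idp' => true,\n"
            "];\n"
        )
        for name in FLAG_TO_METADATA.values():
            (root / "metadata" / name).write_text("<?php\n$metadata = [];\n")
        return stale_metadata(root / "config" / "config.php", root / "metadata")

if __name__ == "__main__":
    print(demo())
```

Any file it reports can be removed from metadata/ or reviewed before the corresponding IdP is enabled.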