Description
When the option 'Validate Signature' is set on a broker SAML 2.0 IDP, Keycloak throws an exception if the signature is placed inside an encrypted assertion of the response.
As this is a valid case of a signed SAML document, this error should not be thrown unless the signature is actually invalid.
The current implementation doesn't verify the message for encrypted assertions before searching the document for a signature on the response or assertion level.
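The lookup order described above, as an added Python example that is not Keycloak's code: it shows why a signature inside an `EncryptedAssertion` is invisible until the assertion is decrypted. The names `stand_in_decrypt` and `locate_signatures` are hypothetical, base64 stands in for real XML Encryption, the sample response is constructed, and cryptographic verification of the located signature is not shown.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def stand_in_decrypt(encrypted_assertion):
    # Hypothetical placeholder for XML Encryption with the SP private key:
    # the constructed sample just base64-encodes the assertion in CipherValue.
    cipher = encrypted_assertion.find(".//xenc:CipherValue", NS)
    return ET.fromstring(base64.b64decode(cipher.text))

def locate_signatures(response_xml, decrypt=None):
    """Name each element that has ds:Signature as a direct child.
    decrypt=None mimics the reported behaviour (encrypted assertions are
    never opened). An empty result means "no signature found"."""
    response = ET.fromstring(response_xml)
    candidates = [("Response", response)]
    candidates += [("Assertion", a) for a in response.findall("saml:Assertion", NS)]
    if decrypt is not None:
        for enc in response.findall("saml:EncryptedAssertion", NS):
            candidates.append(("EncryptedAssertion", decrypt(enc)))
    # Direct-child lookup only: a signature nested elsewhere does not count
    # as covering the element being checked.
    return [name for name, el in candidates if el.find("ds:Signature", NS) is not None]

# Constructed sample: unsigned Response, signature inside the encrypted assertion.
INNER = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1"><ds:Signature/>'
    '</saml:Assertion>'
)
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><saml:EncryptedAssertion>'
    '<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>'
    + base64.b64encode(INNER.encode()).decode()
    + '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>'
    '</saml:EncryptedAssertion></samlp:Response>'
)

if __name__ == "__main__":
    print(locate_signatures(SAMPLE), locate_signatures(SAMPLE, stand_in_decrypt))
```

Without decryption the search finds nothing and the response would be rejected as unsigned; with decryption the signature is found on the decrypted assertion and can then be validated.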
Issue Links
- relates to: KEYCLOAK-4897 SAML Adapter fails to validate signature on encrypted assertion (Closed)