You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using ADFS3 as the IDP, the signature and digests fails validation by mismatched hashes.
Not sure if there is a configuration issue on my end, but from what I can see the problem is due to carriage returns, tabs and whitespace being left in the canonicalized string.
Would be great to see this fixed if indeed it is a problem (not sure if you support ADFS3.0), the fix I implemented merely stripped out undesired excess characters which caused the digests to mismatch, have no tested against other IdP's.
Using ADFS3 as the IDP, the signature and digests fails validation by mismatched hashes.
Not sure if there is a configuration issue on my end, but from what I can see the problem is due to carriage returns, tabs and whitespace being left in the canonicalized string.
Would be great to see this fixed if indeed it is a problem (not sure if you support ADFS3.0), the fix I implemented merely stripped out undesired excess characters which caused the digests to mismatch, have no tested against other IdP's.
Original:
canon_hashed_element = canoner.canonicalize(hashed_element)...
canon_string = canoner.canonicalize(signed_info_element)Fix:
canon_hashed_element = canoner.canonicalize(hashed_element).gsub(/\n\t/, " ").gsub(/>\s*</, "><")...
canon_string = canoner.canonicalize(signed_info_element).gsub(/\n\t/, " ").gsub(/>\s*</, "><")The text was updated successfully, but these errors were encountered: