I ran into an issue with getting "Invalid Signature on SAML Response" on a response with idp_cert_multi set. The IdP is ADFS if anyone's searching. I tracked it down to the hash access keys.
IdpMetadataParser#certificates uses string keys to save the keys, 'signing' and 'encryption'. This is a problem in Settings#get_idp_cert_multi when it tries to access the cert with the keys :signing and :encryption. In plain Ruby without ActiveSupport's HashWithIndifferentAccess the two forms are not interchangeable.
I was able to work around it with the two lines after parse_remote when I initialize the settings:
```ruby
def self.get_saml_settings(url_base)
  # retrieve settings from IdP
  unless @settings
    idp_metadata_parser = OneLogin::RubySaml::IdpMetadataParser.new
    @settings = idp_metadata_parser.parse_remote(ENV['SSO_IDP_METADATA_URL'])
    # save the parts of the cert with symbol keys
    @settings.idp_cert_multi[:signing] = @settings.idp_cert_multi['signing']
    @settings.idp_cert_multi[:encryption] = @settings.idp_cert_multi['encryption']
  end
  # ...
  # the rest of the settings
end
```
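The key mismatch described in the post, and a stricter form of the same workaround, as an added example that is not part of the original post or of ruby-saml. The helper names and the sample certificate values are hypothetical; the hash only mimics the string-keyed shape the post attributes to the parser.

```ruby
# Added illustration; helper names are hypothetical, not ruby-saml API.
CERT_USES = %i[signing encryption].freeze

# Return a new hash keyed only by :signing / :encryption, merging values
# stored under either the string or the symbol form of each key.
def normalize_idp_cert_multi(raw)
  raw ||= {}
  normalized = CERT_USES.each_with_object({}) do |use, out|
    certs = Array(raw[use]) + Array(raw[use.to_s])
    certs = certs.compact.map(&:strip).reject(&:empty?).uniq
    out[use] = certs unless certs.empty?
  end
  # Fail closed: with no signing cert there is nothing to verify against.
  raise ArgumentError, 'no IdP signing certificate found' unless normalized.key?(:signing)
  normalized
end

# Constructed sample shaped like the parser output described above
# (string keys); the values are placeholders, not real certificates.
PARSED = {
  'signing'    => ['CONSTRUCTED-SIGNING-CERT-1', 'CONSTRUCTED-SIGNING-CERT-2'],
  'encryption' => ['CONSTRUCTED-ENCRYPTION-CERT']
}.freeze

# What a lookup by symbol key sees in a given hash.
def signing_certs_by_symbol(cert_multi)
  Array(cert_multi[:signing])
end

if __FILE__ == $PROGRAM_NAME
  before = signing_certs_by_symbol(PARSED).length
  after  = signing_certs_by_symbol(normalize_idp_cert_multi(PARSED)).length
  puts "signing certs visible via :signing before=#{before} after=#{after}"
end
```

Raising at settings load when no signing certificate is found surfaces the problem at startup rather than as a signature failure on the first login.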