0 Replies Latest reply on Jan 18, 2012 3:14 PM by Pedro Igor

    SPPostSignatureFormAuthenticator is not Validating Signatures

    Pedro Igor Master




          It seems that the SPPostSignatureFormAuthenticator Valve is not checking the signatures of SAML Assertions returned by the IDP, because the value of the validateSignature property is always false. During the Valve startup, only supportSignatures is set to true.


          Is there some other way to enable signature validation by this Valve?


          Here is a patch that I used to overcome this problem. Is this patch really needed?


      Index: SPPostSignatureFormAuthenticator.java


      --- SPPostSignatureFormAuthenticator.java    (revision 1323)

      +++ SPPostSignatureFormAuthenticator.java    (working copy)

      @@ -69,7 +69,8 @@



             this.supportSignatures = true;

      +     this.validateSignature = true;


             KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();

             if (keyProvider == null)

                throw new LifecycleException(ErrorCodes.NULL_VALUE + "KeyProvider");
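
      Review bot: the added `this.validateSignature = true;` leaves validation controlled by a second flag that is set independently of `this.supportSignatures = true;`, so the two can still disagree if either is changed elsewhere. Since both are assigned unconditionally at the same point in startup, consider deriving one from the other, or add a comment on the new line stating that this valve must reject assertions whose signature is missing or does not verify. The assignment runs before the `keyProvider == null` check; that ordering is harmless because the `LifecycleException` aborts startup, but a regression test that starts the valve and submits an assertion with an invalid signature would show that the flag is actually honoured.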



      Pedro Igor