Werk #15448: SAML: response signature is optional
Component | Setup, site management | ||||||
Title | SAML: response signature is optional | ||||||
Date | Mar 22, 2023 | ||||||
Level | Trivial Change | ||||||
Class | New Feature | ||||||
Compatibility | Compatible - no manual interaction needed | ||||||
Checkmk versions & editions |
|
Checkmk required both the response and the assertion statement to be signed in order to accept an authentication request response from the identity provider. However, as per the SAML specifications, only the assertion statement signature is required and the response signature is optional. For this reason, authentication request responses that only have the assertion statement signed are now accepted.
See section 4.1.3.5 in: http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf