Comments (3)
longsleep
commented on June 12, 2024
Thanks for the feedback. Konnect loads the metadata from the configured URI. So all information from there could be used.
Seems like an easy change at https://github.com/Kopano-dev/konnect/blob/master/identity/authorities/saml2.go#L124-L126 assuming the issuer URI is found in the meta data (for example by using EntityID).
For example
diff --git a/identity/authorities/saml2.go b/identity/authorities/saml2.go
index 632f003..79fbf2e 100644
--- a/identity/authorities/saml2.go
+++ b/identity/authorities/saml2.go
@@ -122,7 +122,7 @@ func (ar *saml2AuthorityRegistration) Authority() *Details {
}
func (ar *saml2AuthorityRegistration) Issuer() string {
- return ar.metadataEndpoint.String()
+ return ar.serviceProvider.IDPMetadata.EntityID
}
func (ar *saml2AuthorityRegistration) Validate() error {
(END)I am looking at https://github.com/keycloak/keycloak/blob/master/services/src/main/resources/idp-metadata-template.xml - can you please check where to find the Issuer URI if its not the metadata URI and report back?
We could add a configuration field for this if not possible to retrieve the issuer URI from anywhere.
from konnect.
cbxnet-ali
commented on June 12, 2024
I just confirmed with my test-setup. Looks like keycloak is using it's entity-id so your fix would be sufficient.
If needed, I could test the fix next monday.
from konnect.
longsleep
commented on June 12, 2024
Thanks for confirming - the above path will be included in the next release.
from konnect.
Related Issues (15)
- Access tokens use algo 'PS256' which seems not to be supported/implemented by any token verifier .... HOT 7
- Authentication via SAML IDP possible? HOT 18
- `--log-level` not available for `cookie` ? HOT 2
- Embedding Konnectd as dependency? HOT 4
- Is there any way to map the user information user info as returned via the userinfo_endpoint to a user in ldap? HOT 4
- Further improve usage as library HOT 1
- Make identifier-webapp optional
- [Spec] Graph Backend HOT 1
- Add eye icon for password field
- subject is based on the ldap dn, which is neither stable, nor non-reassignable HOT 3
- redirect_uri's require trailing slash on logout? HOT 2
- Commit f8c1f4a (current top) does not build HOT 10
- Get memberOf LDAP property as Claim attribute of JWT token. HOT 1
- SIGSEGV on startup due to uri parse error in identifer-registration.yaml HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from konnect.