I have been trying to create a solution using ADFS for SSO.
When I try to send the signed request to ADFS, I get the error below.
The SSO works fine for the unsigned request.
The decrypted SAMLRequest parameter sent to ADFS looks like this:
<saml2p:AuthnRequest ID="_31ff4ded-8a4d-4c09-9e30-9423ef08bd56" Version="2.0" IssueInstant="2023-12-15T09:00:50Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://<server>/saml/acs" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
https://<server>//muse
</saml2:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>
<!--Removed from sample -->
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
<!--Removed from sample -->
</SignatureValue>
</Signature>
</saml2p:AuthnRequest>
When I try to validate the SAML request using https://www.samltool.com/validate_xml.php, I get the error below:
Line: 6 | Column: 0 --> Element '{http://www.w3.org/2000/09/xmldsig#}Signature': This element is not expected. Expected is one of ( {urn:oasis:names:tc:SAML:2.0:assertion}Conditions, {urn:oasis:names:tc:SAML:2.0:protocol}RequestedAuthnContext, {urn:oasis:names:tc:SAML:2.0:protocol}Scoping ).
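Added example, not part of the original post: the validator message above reports Signature at a position where only Conditions, RequestedAuthnContext or Scoping may follow, and the SAML 2.0 protocol schema places ds:Signature directly after Issuer and before NameIDPolicy. The Python check below compares the child order of an AuthnRequest against that schema sequence; the two sample requests, the `sp.example.test` host and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Child sequence of samlp:AuthnRequest in the SAML 2.0 protocol schema:
# RequestAbstractType children first, then AuthnRequestType children.
SCHEMA_ORDER = [
    f"{{{SAML}}}Issuer", f"{{{DS}}}Signature", f"{{{SAMLP}}}Extensions",
    f"{{{SAML}}}Subject", f"{{{SAMLP}}}NameIDPolicy", f"{{{SAML}}}Conditions",
    f"{{{SAMLP}}}RequestedAuthnContext", f"{{{SAMLP}}}Scoping",
]

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.split("}", 1)[1]

def check_child_order(xml_text):
    """Return ordering problems; an empty list means the order matches the schema."""
    # ElementTree is fine for requests you generated yourself; use a hardened
    # parser such as defusedxml for XML received from other parties.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return [f"root element is {local(root.tag)}, not AuthnRequest"]
    problems, last_rank, last_tag = [], -1, None
    for child in root:
        if child.tag not in SCHEMA_ORDER:
            problems.append(f"unexpected element {local(child.tag)}")
        elif SCHEMA_ORDER.index(child.tag) == last_rank:
            problems.append(f"duplicate element {local(child.tag)}")
        elif SCHEMA_ORDER.index(child.tag) < last_rank:
            problems.append(f"{local(child.tag)} must come before {local(last_tag)}")
        else:
            last_rank, last_tag = SCHEMA_ORDER.index(child.tag), child.tag
    return problems

# Constructed sample requests (signature contents omitted, as in the post).
ISSUER = f'<saml2:Issuer xmlns:saml2="{SAML}">https://sp.example.test/muse</saml2:Issuer>'
POLICY = '<saml2p:NameIDPolicy AllowCreate="true"/>'
SIG = f'<Signature xmlns="{DS}"/>'

def build(*children):
    head = f'<saml2p:AuthnRequest xmlns:saml2p="{SAMLP}" ID="_constructed" Version="2.0">'
    return head + "".join(children) + "</saml2p:AuthnRequest>"

AS_POSTED = build(ISSUER, POLICY, SIG)   # same child order as the request in the post
REORDERED = build(ISSUER, SIG, POLICY)   # Signature directly after Issuer

if __name__ == "__main__":
    print(check_child_order(AS_POSTED), check_child_order(REORDERED))
```

The check covers element position only; it does not verify the digest or signature value.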
