Hi,
We are using SATOSA to allow eduGAIN users to access our services. The service is protected by Keycloak, and in Keycloak we configured SATOSA as a SAML Identity Provider.
Users from the eduGAIN access-check IdP can now access the service, but it looks like we have problems with some IdPs that don't have a signing key in the eduGAIN metadata.
When looking in the file '/opt/satosa/lib/python3.5/site-packages/saml2/sigver.py', there is a flag 'only_use_keys_in_metadata' which appears to be set to True, which means that only signing keys from the metadata files are allowed. When I hardcode this flag to False, users from IdPs without a signing key can also authenticate, but I can't seem to find where I can configure this in the SATOSA saml2_backend.yaml file. Is it possible to configure this flag in SATOSA?
Thanks,
Dirk
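An added example, not part of the original message and not SATOSA or pysaml2 code: before relaxing a check such as 'only_use_keys_in_metadata', a metadata aggregate can be audited to list exactly which IdPs publish no signing certificate. The function names, the example.org entity IDs and the sample aggregate are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idps_without_signing_key(metadata_xml):
    """Return entityIDs whose IDPSSODescriptor has no usable signing certificate."""
    # For live federation feeds, verify the aggregate's signature first and
    # prefer a hardened parser; ElementTree is used here to stay stdlib-only.
    root = ET.fromstring(metadata_xml)
    missing = []
    # iter() also yields the root, so a lone EntityDescriptor works too.
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        idps = entity.findall("md:IDPSSODescriptor", NS)
        if idps and not any(_has_signing_cert(idp) for idp in idps):
            missing.append(entity.get("entityID"))
    return missing

def _has_signing_cert(role):
    for kd in role.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute serves signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and (cert.text or "").strip():
            return True
    return False

def _entity(entity_id, key_uses):
    """Build one constructed IdP entity; None in key_uses means no "use" attribute."""
    keys = "".join(
        "<md:KeyDescriptor%s><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
        "Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
        "</md:KeyDescriptor>" % (' use="%s"' % use if use else "")
        for use in key_uses)
    return ('<md:EntityDescriptor entityID="%s"><md:IDPSSODescriptor>%s'
            "</md:IDPSSODescriptor></md:EntityDescriptor>" % (entity_id, keys))

# Constructed sample aggregate (placeholder certificate text, example.org IDs).
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">' % (MD, NS["ds"])
          + _entity("https://idp-a.example.org", ["signing"])
          + _entity("https://idp-b.example.org", ["encryption"])
          + _entity("https://idp-c.example.org", [None])
          + _entity("https://idp-d.example.org", [])
          + "</md:EntitiesDescriptor>")

if __name__ == "__main__":
    for entity_id in idps_without_signing_key(SAMPLE):
        print("no signing key in metadata:", entity_id)
```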