Hi,
we are using SATOSA to allow EduGAIN users to access our services. The service is
protected by Keycloak and in Keycloak we configured SATOSA as a SAML Identity Provider.
Users from the EduGAIN access-check IdP can now access the service, but it looks like we
have problems with some IdPs which don't have a signing key in the EduGAIN
metadata.
When looking in file '/opt/satosa/lib/python3.5/site-packages/saml2/sigver.py'
there is a flag 'only_use_keys_in_metadata' which looks to be set to True, which
means that only signing keys from the metadata files are allowed. When I hardcode this
flag to be set to False, users from IdPs without a signing key can also authenticate,
but I can't seem to find where I can configure this in the SATOSA saml2_backend.yaml
file. Is it possible to configure this flag in SATOSA?
Thanks,
Dirk