Sending Signature as a query string in SAML requests
We have an idP where we need to enable signature validation in authentication requests and logout requests. The validation works by checking if there is a signature parameter in the url as it validates through HTTP-Redirect. but i couldn't figure out how i make Gitlab sends the Signature
in the querystring along with SigAlg
parameter. This is the current saml configuration:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
args: {
assertion_consumer_service_url: 'https://gitlab-ce-host/users/auth/saml/callback',
idp_cert_fingerprint: 'xxxxxxxxxxxxxx',
idp_cert_fingerprint_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1',
idp_sso_target_url: 'https://idp-host/samlsso',
idp_sso_target_binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
issuer: 'https://gitlab-ce-host',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
certificate: 'xxxxxxxxxxxxxxxxx',
private_key: 'xxxxxxxxxxxxxxxxx'
},
label: 'Login' # optional label for SAML login button, defaults to "Saml"
}
Edited by 🤖 GitLab Bot 🤖