New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

turn on security.wantMessagesSigned #23

Open

simevo opened this issue Jul 24, 2018 · 1 comment

Labels

Owner

simevo commented Jul 24, 2018

regole tecniche:

1.3.1. REGOLE DI PROCESSAMENTO DELLA < RESPONSE> Alla ricezione qualunque sia il binding utilizzato il Service Provider prima di utilizzare l’asserzione deve operare almeno le seguenti verifiche: controllo delle firme presenti nella e nella ...

simevo added the assessment label

simevo pushed a commit that referenced this issue


          fix #23

78f4116

Owner Author

simevo commented Aug 14, 2018

the underlying package can be easily configured to request signed Responses (just set security.wantMessagesSigned in https://github.com/simevo/spid-php2/blob/master/src/Config/OneLoginConfig.php#L97) but the signature then becomes mandatory, which is not what we want, see regole tecniche page 28:

nell’ elemento ... può [essere] presente l’elemento riportante la firma

also see:
italia/spid-testenv2#67

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment