Azure-docs: Signed SAML requests

Created on 16 Oct 2018 · 3Comments · Source: MicrosoftDocs/azure-docs

Hi,

Is it possible for the application to send signed saml requests? Where can i configure the certificate, so that azure ad can validate the signature on the request?

I read in a forum that azure ad ignores signatures on SAML requests. If that is true, it should be mentioned in the docs. (And why this is safe?)

Thanks,
Martin

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 8aac55fa-1799-ee74-543d-4f1477c024a0
Version Independent ID: 44e91059-fd03-ea15-5568-a708979b56f7
Content: Advanced certificate signing options in the SAML token for pre-integrated apps in Azure Active Directory
Content Source: articles/active-directory/manage-apps/certificate-signing-options.md
Service: active-directory
GitHub Login: @barbkess
Microsoft Alias: barbkess

active-directorsvc cxp in-progress product-question triaged

Source

mrmueller

👍1

All 3 comments

@mrmueller
Thanks for your feedback! We will investigate and update as appropriate.

MarileeTurscak-MSFT on 16 Oct 2018

@mrmueller Please check on this document Single Sign-On SAML protocol, in this section - Signature it states that - _Don't include a Signature element in AuthnRequest elements, as Azure AD does not support signed authentication requests._

MohitGargMSFT on 17 Oct 2018

👍1

Thanks for your response. This helps a lot.
Still, it would be great to know if azure just ignores the signature or if something will break and what the security implications of doing without a signature are.

Thanks again

mrmueller on 17 Oct 2018

👍1

Was this page helpful?

0 / 5 - 0 ratings