mlsorensen commented on issue #4519: URL: https://github.com/apache/cloudstack/issues/4519#issuecomment-1437648244
I stumbled upon this - and from what I can see the validation of signature is dependent upon the IDP metadata containing a signing cert. If the IDP metadata XML doesn't specify a signing key, cloudstack simply doesn't check the signature. The sig checks are wrapped in code like `if (idpMetadata.getSigningCertificate() != null)`. So again I'd go back to the IDP configuration. Not sure if the IDP metadata in question is in an XML file on the cloudstack management server, or if it is being fetched via URL in this case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
