222twotwotwo opened a new pull request, #152:
URL: https://github.com/apache/dubbo-go-pixiu-samples/pull/152

   <!--  Thanks for sending a pull request! 
   -->
   
   **What this PR does**:
   
   这个 PR 修复了 `auth/saml` 示例按 README 配置后无法完成 Keycloak 登录的问题。Keycloak SAML client 
默认要求 SP 对 AuthnRequest 签名,但当前 Pixiu SAML filter 不会生成该签名,导致 Keycloak 拒绝登录请求并报 
`invalid_signature` / `SigAlg was null`。
   
   - 在 README 中说明 Keycloak SAML client 默认要求 AuthnRequest 签名,而当前 Pixiu SAML 
filter 不会生成该签名。
   - 在英文和中文 README 中补充 `kcadm.sh` 配置步骤,将 `saml.client.signature` 设为 
`false`,同时保留 `saml.server.signature=true` 和 `saml.assertion.signature=true`,确保 
IdP 到 SP 的 Response / Assertion 签名仍然开启。
   
   
   **Which issue(s) this PR fixes**:
   <!--
   *Automatically closes linked issue when PR is merged.
   Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
   _If PR is about `failing-tests or flakes`, please post the related 
issues/tests in a comment and do not use `Fixes`_*
   -->
   Fixes #141 
   
   **Special notes for your reviewer**:
   
   **Does this PR introduce a user-facing change?**:
   <!--
   If no, just write "NONE" in the release-note block below.
   If yes, a release note is required:
   Enter your extended release note in the block below. If the PR requires 
additional action from users switching to the new release, include the string 
"action required".
   -->
   ```release-note
   NONE
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to