Suggestion
Resolution: Unresolved
None
23
Problem Summary:
Although the official SAML standards do not require it, many IdPs require a signed AuthnRequest for security reasons.
Thereby, authentication requests to IdPs that require the signature will fail with this error:
ERROR [http-nio-8017-exec-11] [onelogin.saml2.authn.SamlResponse] isValid The status code of the Response was not Success, was urn:oasis:names:tc:SAML:2.0:status:Requester -> Signature required
Customers cannot integrate such IdPs with Atlassian Cloud as the request always fails unless they tweak the IdP logic to not check for signed SAML requests.
Solution:
Optionally provide an SP SAML certificate to the IdPs that need the SAML requests to be signed
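To confirm whether the SP is in fact sending an unsigned AuthnRequest, an admin can decode the SSO redirect URL and inspect it. The following is an added example, not part of the original issue or of Atlassian's code; the hostnames, request ID and placeholder signature bytes are constructed, and it checks only whether a signature is present, not whether it is valid.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_XML = 64 * 1024  # cap on inflated size, guards against decompression bombs


def inspect_authn_request(sso_url: str) -> dict:
    """Report whether the AuthnRequest carried in an SSO redirect URL is signed."""
    query = parse_qs(urlsplit(sso_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect binding uses raw DEFLATE
    xml = inflater.decompress(base64.b64decode(query["SAMLRequest"][0]), MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds size cap")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    # Redirect binding: detached signature in the SigAlg and Signature parameters.
    query_signed = "SigAlg" in query and "Signature" in query
    # POST-style signing: enveloped <ds:Signature> child of the request element.
    xml_signed = root.find(f"{{{DSIG}}}Signature") is not None
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "sig_alg": query.get("SigAlg", [None])[0],
        "signed": query_signed or xml_signed,
    }


def build_sample_url(signed: bool) -> str:
    """Constructed sample: a minimal AuthnRequest encoded the way an SP would send it."""
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_example1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
        "<saml:Issuer>https://sp.example.test</saml:Issuer>"
        "</samlp:AuthnRequest>"
    ).encode()
    comp = zlib.compressobj(wbits=-15)
    params = {"SAMLRequest": base64.b64encode(comp.compress(xml) + comp.flush()).decode()}
    if signed:  # placeholder bytes, not a real signature; only presence is inspected
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = base64.b64encode(b"constructed-placeholder").decode()
    return "https://idp.example.test/sso?" + urlencode(params)
```

An unsigned result here, together with the `Signature required` status in the log above, indicates the IdP is rejecting the request for the reason this issue describes.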
- is duplicated by: ACCESS-1231 Support signed SAML requests (Closed)
- is related to: ACCESS-761 Support encrypted SAML assertions (Gathering Interest)
- blocks: ACE-8120
- is addressed by: ENT-828
[ACCESS-1213] Sign SAML Requests
Support reference count | Original: 22 | New: 23 |
Support reference count | Original: 21 | New: 22 |
Remote Link | New: This issue links to "ACE-8120 (Atlassian Support System)" [ 1015677 ] |
Support reference count | Original: 20 | New: 21 |
Support reference count | Original: 19 | New: 20 |
Support reference count | Original: 18 | New: 19 |
Support reference count | Original: 17 | New: 18 |
This feature is critical for us, as SAML is the only viable option for SSO with Atlassian.
Unfortunately, not signing requests means that our IdP will refuse authentication.
It should not be too hard to implement; however, I worry that, being a feature that is more of interest to Admins, not many votes are to be expected, which is a shame.