[CONFSERVER-59097] SAML AuthnRequest should be signed

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: Data Center - Core
Labels:
- SAML
- pse-request

UIS:
1
Support reference count:
4
Feedback Policy:

We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Although the official SAML standards do not require it, many IdPs require a signed AuthNRequest for security reasons.

However, Confluence DC (with the Atlassian SAML SSO plugin) is sending an auth request like this one and doesn't have an option to sign it:

DEBUG [http-nio-8017-exec-7] [onelogin.saml2.authn.AuthnRequest] <init> AuthNRequest -->2019-11-06 10:34:38,997 DEBUG [http-nio-8017-exec-7] [onelogin.saml2.authn.AuthnRequest] <init> AuthNRequest --><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_cc1deb92-97e7-451c-abd2-0bf93ddbd382" Version="2.0" IssueInstant="2019-11-06T18:34:38Z" Destination="https://my.idp.com/idp/SSO.saml2" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://my.confluence.com/plugins/servlet/samlconsumer"> <saml:Issuer>https://my.confluence.com</saml:Issuer></samlp:AuthnRequest>

Thereby, authentication requests to IdPs that require the signature will fail with this error:

ERROR [http-nio-8017-exec-11] [onelogin.saml2.authn.SamlResponse] isValid The status code of the Response was not Success, was urn:oasis:names:tc:SAML:2.0:status:Requester -> Signature required

is related to

JRASERVER-71288 SAML authentication assertions and responses should be signed

Gathering Interest

SAMLDC-40 Assertion encryption

Under Consideration

was cloned as

SAMLDC-57 SAML AuthnRequest should be signed

Waiting for Release

mentioned in: Page Failed to load; Page Failed to load

SET Analytics Bot made changes - 25/Apr/2025 4:11 AM

Support reference count

New: 4

SET Analytics Bot made changes - 21/Aug/2024 2:03 AM

UIS

Original: 2

New: 1

SET Analytics Bot made changes - 04/Jul/2024 2:03 AM

UIS

Original: 1

New: 2

SET Analytics Bot made changes - 23/May/2024 2:03 AM

UIS

Original: 0

New: 1

SET Analytics Bot made changes - 08/Dec/2023 2:01 AM

UIS

Original: 1

New: 0

SET Analytics Bot made changes - 02/Nov/2023 2:01 AM

UIS

Original: 0

New: 1

Sen Geronimo made changes - 31/Jan/2023 2:51 AM

Workflow

Original: JAC Suggestion Workflow 4 [ 3773766 ]

New: JAC Suggestion Workflow 3 [ 4340372 ]

SET Analytics Bot made changes - 04/Dec/2021 2:01 AM

UIS

Original: 1

New: 0

SET Analytics Bot made changes - 10/Nov/2021 2:02 AM

UIS

New: 1

Szczepan (Inactive) made changes - 23/Mar/2021 8:39 AM

Remote Link

Original: This issue links to "Page (Confluence)" [ 538127 ]

Assignee:: Unassigned

Reporter:: Lucas Machado (Inactive)

Votes:: 10 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 08/Nov/2019 7:21 PM

Updated:: 25/Apr/2025 4:11 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates