ADFS idpinitiatedsignon SAML assertion not signed

Alexander Kalavitis 1 Reputation point

I am trying to extract SAMLResponse assertion via https://<adfs_domain>/adfs/ls/idpinitiatedsignon using a webview. The problem is that the SAMLResponse assertion is not signed and the signature is not included inside the assertion.

As a result I cannot validate the SAML assertion. We have configured ADFS with an ADFS signing cert since it is an IDP initiated flow.

Also we set the following property in ADFS: SamlResponseSignature = AssertionOnly

See attached for SAMLResponse.xml

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,221 questions
{count} votes