Incompatible ID
markmishaev opened this issue
When validating a SAML response with OneLogin SAML tools, the validation fails because of an incorrect ID format (response and assertion).
Agreed - may not start with digit. Fix is to always prefix with e.g. MU or _.
There is a better solution:
    // field
    private final IdentifierGenerator idGenerator;

    // in the constructor
    this.idGenerator = new SecureRandomIdentifierGenerator();

    private String idUnique() {
        return idGenerator.generateIdentifier();
    }
Btw, the same should be done with AssertionID:
    Assertion assertion = buildAssertion(principal, status, entityId);
    assertion.setID(idUnique());
Guys, please take a look.
In my commit I covered all SAML IDs including the Assertion. See https://github.com/OpenConext/Mujina/blob/master/mujina-common/src/main/java/mujina/saml/SAMLBuilder.java#L117
I see, thanks!
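The ID rule discussed in this thread (a SAML ID is an xs:ID, so it may not start with a digit) can be checked before a response leaves the IdP. The following is an added example, not code from Mujina or OpenSAML; the class and method names are hypothetical, and the pattern is a conservative ASCII subset of the XML NCName rule, so it rejects some IDs a full NCName check would accept.

```java
import java.security.SecureRandom;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Mujina or OpenSAML.
public class SamlIdCheck {
    // Conservative ASCII subset of the NCName production used by xs:ID:
    // first character is a letter or '_'; later characters may also be
    // digits, '.' or '-'. Colons and whitespace are never allowed.
    private static final Pattern ASCII_NCNAME =
            Pattern.compile("[A-Za-z_][A-Za-z0-9._-]*");
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    static boolean isValidId(String id) {
        return id != null && ASCII_NCNAME.matcher(id).matches();
    }

    // 128 random bits, hex-encoded, behind a fixed '_' prefix so the
    // value can never begin with a digit.
    static String newId() {
        byte[] bytes = new byte[16];
        RANDOM.nextBytes(bytes);
        StringBuilder sb = new StringBuilder("_");
        for (byte b : bytes) {
            sb.append(HEX[(b >> 4) & 0x0f]).append(HEX[b & 0x0f]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String[] samples = {
            "3f2a9c1e-7b44-4d0a-9e61-0c5d8a1b2f33",  // leading digit: rejected
            "_3f2a9c1e-7b44-4d0a-9e61-0c5d8a1b2f33", // '_' prefix: accepted
            "MU3f2a9c1e",                            // letter prefix: accepted
            "id with space",                         // whitespace: rejected
            newId()                                  // always accepted
        };
        for (String s : samples) {
            System.out.println((isValidId(s) ? "valid   " : "INVALID ") + s);
        }
    }
}
```

Running `isValidId` over the `ID` attributes of the Response and the Assertion in a unit test catches a regression in either one.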