[ https://issues.apache.org/jira/browse/GUACAMOLE-1372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reassigned GUACAMOLE-1372:
----------------------------------------

    Assignee: James Muehlner

> SAML module should be able to encrypt and sign requests
> -------------------------------------------------------
>
>                 Key: GUACAMOLE-1372
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1372
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-saml
>    Affects Versions: 1.3.0
>            Reporter: Michael Böhm
>            Assignee: James Muehlner
>            Priority: Minor
>             Fix For: 1.6.0
>
>
> Some IDPs and company's guidelines require SAML auth requests for a service 
> provider to be signed and optionally encrypted. Guacamole's SAML module 
> should be able to fetch a X509 certificate and private key from a config 
> parameter and use this data to sign and encrypt requests.
>  
> SP Metadata dummy:
> <?xml version="1.0" encoding="UTF-8"?>
> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>     entityID="https://PointOfContactServer/sps/DummySP/saml20">
>   <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>     <md:KeyDescriptor use="signing">
>       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <X509Data>
>           <X509Certificate>... here goes Guacamole's certificate ...</X509Certificate>
>         </X509Data>
>       </KeyInfo>
>     </md:KeyDescriptor>
>     <md:KeyDescriptor use="encryption">
>       <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <X509Data>
>           <X509Certificate>... here goes Guacamole's certificate ...</X509Certificate>
>         </X509Data>
>       </KeyInfo>
>       <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
>     </md:KeyDescriptor>
>     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
>     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>         Location="https://PointOfContactServer/sps/DummySP/saml20/login" index="0"
>         isDefault="true"/>
>   </md:SPSSODescriptor>
> </md:EntityDescriptor>
>  
> Furthermore, IDP initiated SAML should be supported (or documented if it 
> already works).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
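The metadata dummy in the quoted issue advertises a signing key, an encryption key and rsa-1_5 as the key-transport algorithm. The following Python script is added here as an example and is not Guacamole code or part of the issue; it audits an SP metadata document for the points an IdP operator checks before trusting it: that a certificate is published for both uses, that the SPSSODescriptor announces AuthnRequestsSigned and WantAssertionsSigned, that the AssertionConsumerService endpoint is HTTPS, and that the key-transport algorithm is not RSA PKCS#1 v1.5 (XML Encryption 1.1 lists rsa-1_5 as not recommended; RSA-OAEP is the replacement). The sample metadata, the certificate placeholder and the harden_sp_metadata helper are constructed for this example.

```python
"""Audit SAML 2.0 SP metadata for signing/encryption settings.

Added example (not Guacamole's code). Uses only the standard library.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes on re-serialisation

RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
# Weak key-transport algorithm -> preferred replacement.
DEPRECATED_ALGS = {RSA_1_5: RSA_OAEP_MGF1P}

# Constructed sample, modelled on the issue's dummy; the certificate is a placeholder.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://PointOfContactServer/sps/DummySP/saml20">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER_BASE64_CERT</X509Certificate>
      </X509Data></KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER_BASE64_CERT</X509Certificate>
      </X509Data></KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://PointOfContactServer/sps/DummySP/saml20/login" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_sp_metadata(xml_text):
    """Return {'errors': [...], 'warnings': [...]} for one SP EntityDescriptor."""
    errors, warnings = [], []
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return {"errors": ["no md:SPSSODescriptor element"], "warnings": []}

    # 1. A certificate must be published for each purpose the SP relies on.
    uses = {}
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        certs = [c.text.strip() for c in kd.iter("{%s}X509Certificate" % NS["ds"])
                 if c.text and c.text.strip()]
        # A KeyDescriptor without 'use' covers both signing and encryption.
        for u in ([use] if use else ["signing", "encryption"]):
            uses.setdefault(u, []).extend(certs)
        # 2. Key-transport algorithm advertised for the encryption key.
        for em in kd.findall("md:EncryptionMethod", NS):
            alg = em.get("Algorithm", "")
            if alg in DEPRECATED_ALGS:
                warnings.append("deprecated EncryptionMethod %s" % alg)
    for u in ("signing", "encryption"):
        if not uses.get(u):
            errors.append("no %s certificate published" % u)

    # 3. Flags that tell the IdP what to expect from this SP.
    if sp.get("AuthnRequestsSigned") != "true":
        warnings.append("AuthnRequestsSigned is not true")
    if sp.get("WantAssertionsSigned") != "true":
        warnings.append("WantAssertionsSigned is not true")

    # 4. Assertions carry credentials: the consumer endpoint must be HTTPS.
    for acs in sp.findall("md:AssertionConsumerService", NS):
        loc = acs.get("Location", "")
        if not loc.startswith("https://"):
            errors.append("AssertionConsumerService Location is not https: %s" % loc)
    return {"errors": errors, "warnings": warnings}


def harden_sp_metadata(xml_text):
    """Return the metadata with the weak settings corrected; certificates are untouched."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    sp.set("AuthnRequestsSigned", "true")
    sp.set("WantAssertionsSigned", "true")
    for em in sp.iter("{%s}EncryptionMethod" % NS["md"]):
        alg = em.get("Algorithm", "")
        if alg in DEPRECATED_ALGS:
            em.set("Algorithm", DEPRECATED_ALGS[alg])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", audit_sp_metadata(SAMPLE_SP_METADATA))
    print("after: ", audit_sp_metadata(harden_sp_metadata(SAMPLE_SP_METADATA)))
```

Run against the sample, the audit reports three warnings (rsa-1_5, and the two missing signed flags) and no errors; after harden_sp_metadata the same audit is clean. The check is deliberately conservative: an EncryptionMethod that is not on the deprecated list is left alone, because the element may also carry data-encryption algorithms rather than key transport.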