You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently idp_cert_multi allows a hashmap of certs for "signing" and "encryption". However, I don't think SAML actually supports encryption in this context--it's the SP's cert (public key) which is used for the IdP's encrypted assertions. Should we remove the concept of "IdP encryption certificates", and just make idp_cert_multi an array of signing certs?
defget_idp_cert_multireturnnilifidp_cert_multi.nil? || idp_cert_multi.empty?raiseArgumentError.new("Invalid value for idp_cert_multi")unlessidp_cert_multi.is_a?(Hash)certs={signing: [],encryption: []}%i[signingencryption].eachdo |type|
certs_for_type=idp_cert_multi[type] || idp_cert_multi[type.to_s]nextif !certs_for_type || certs_for_type.empty?certs_for_type.eachdo |idp_cert|
certs[type].push(RubySaml::Utils.build_cert_object(idp_cert))endendcertsend
The text was updated successfully, but these errors were encountered:
Currently idp_cert_multi allows a hashmap of certs for "signing" and "encryption". However, I don't think SAML actually supports encryption in this context--it's the SP's cert (public key) which is used for the IdP's encrypted assertions. Should we remove the concept of "IdP encryption certificates", and just make
idp_cert_multian array of signing certs?The text was updated successfully, but these errors were encountered: