I’m running into some issues working with the SSO and SAML app.
Following the advice of my university, I’ve checked the following boxes:
Signatures and Encryption offered:
o - Indicates that the nameID of the <saml:logoutRequest> sent by this SP will be encrypted
x - Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed.
x - Indicates whether the <samlp:logoutRequest> messages sent by this SP will be signed.
x - Indicates whether the <samlp:logoutResponse> messages sent by this SP will be signed.
? - Whether the metadata should be signed.
Signatures and encryption required:
x - Indicates a requirement for the <samlp:Response>, samlp:LogoutRequest and samlp:LogoutResponse elements received by this SP to be signed.
o - Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed.
o - Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.
o - Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.
o - Indicates a requirement for the NameID received by this SP to be encrypted.
o - Indicates if the SP will validate all received XML.
I’ve been struggling to get this set up with my university. When I have the box checked for “Whether the metadata should be signed.” - it always makes my meta data invalid.
I have tried with the site public and private keys. I’ve also tried to produce my own with the information found here: Janik von Rotz - Configure SAML Authentication for Nextcloud with Keycloack
Can anyone recommend any guidance for this?
So far I haven’t had any luck. Can anyone tell me what they’re using or how they get their SP keys working?