Version 5.1.0 is not backwards compatible with Microsoft ADFS
Upgrading from 5.0.0 to 5.1.0 without configuration changes to PySAML breaks connectivity using Microsoft ADFS. We are unsure what was added in 5.1.0 that causes this backwards compatibility issue other than it’s related to samlp:Extensions.
Code Version
5.1.0 and 5.0.0
Expected Behavior
That 5.1.0 is backwards compatible with 5.0.0 or otherwise document an upgrade strategy.
Current Behavior
When authenticating against MS ADFS using PySAML2 5.1.0, this is the error that is logged in ADFS and the authentication fails. Downgrading to PySAML2 5.0.0 fixes the issue.
Exception details:
System.Xml.XmlException: MSIS0009: The <samlp:Extensions> element was encountered. To accept extensions, you must extend the SamlProtocolSerializer.
at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadExtensions(XmlReader reader, SamlMessage message)
at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonElements(XmlReader reader, SamlMessage message)
at Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Possible Solution
Document what has changed between versions 5.0.0 and 5.1.0 that causes this.
Steps to Reproduce
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:12 (6 by maintainers)
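The stack trace above shows ADFS rejecting an AuthnRequest received over the HTTP-Redirect binding, so one way to compare library versions is to decode the `SAMLRequest` parameter your SP generates and check for a `samlp:Extensions` element. This is an added example, not code from the issue or from pysaml2; the sample requests, the IdP URL and the `ex:Hint` child are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect URL."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    # The HTTP-Redirect binding uses raw DEFLATE (no zlib header): wbits=-15.
    return zlib.decompress(raw, -15).decode("utf-8")

def extensions_children(xml_text):
    """Return child tags of samlp:Extensions, or None if the element is absent."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages never need a DTD; refuse rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    ext = root.find(f"{{{SAMLP_NS}}}Extensions")
    return None if ext is None else [child.tag for child in ext]

def encode_redirect_request(xml_text, destination):
    """Build a redirect URL the way an SP would (used here to make sample input)."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    param = base64.b64encode(deflated).decode("ascii")
    return destination + "?" + urlencode({"SAMLRequest": param})

# Constructed sample requests; not captured from a real SP.
HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" '
        'Version="2.0" IssueInstant="2020-01-01T00:00:00Z">' % SAMLP_NS)
TAIL = "</samlp:AuthnRequest>"
WITH_EXT = (HEAD + '<samlp:Extensions><ex:Hint xmlns:ex="urn:example:constructed"/>'
            '</samlp:Extensions>' + TAIL)
WITHOUT_EXT = HEAD + TAIL
IDP_URL = "https://adfs.example.test/adfs/ls/"  # placeholder endpoint

if __name__ == "__main__":
    for label, xml_text in (("with", WITH_EXT), ("without", WITHOUT_EXT)):
        url = encode_redirect_request(xml_text, IDP_URL)
        found = extensions_children(decode_redirect_request(url))
        print(label, "->", "no Extensions" if found is None else found)
```

Run it against the redirect URL captured from your own SP under each library version; a non-`None` result means the request carries the element named in MSIS0009.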
This is now available in v5.2.0

That’s great news! I’m closing this, since this is now resolved. I will try to get a release out asap.