As the title says, there WS-Fed request to an IDP is not standards (WS-Addressing) compliant. While an ADFS server seems to ignore this lack of compliance, other WS-Fed capable IDPs do not. The specific problem is a lack of wsa:MessageID attribute in the soap header.
I'm by no means even close to a C programmer, but I was able to get the plugin to work (for me) Below is the diff from my fix. I think the initial include of sipe-digest is unused and leftover from my initial attempt at solving this. This was done with 1.20.1.
diff sipe-svc.c.orig sipe-svc.c 40a41 > #include "sipe-digest.h" 234a236 > 246a249,260 > /* Testing MessageID Generation */ > struct sipe_tls_random id; > gchar *id_base64; > gchar *id_uuid; > gchar *soap_header; > gchar *body; > gboolean ret; > sipe_tls_fill_random(&id, 256); > id_base64 = g_base64_encode(id.buffer, id.length); > sipe_tls_free_random(&id); > id_uuid = generateUUIDfromEPID(id_base64); > 248c262 < gchar *soap_header = wsse_security ? --- > soap_header = wsse_security ? 253a268 > " <wsa:MessageID>uuid:%s</wsa:MessageID>" 257a273 > id_uuid, 261c277,279 < gchar *body = g_strdup_printf("<?xml version=\"1.0\"?>\r\n" --- > g_free(id_uuid); > g_free(id_base64); > body = g_strdup_printf("<?xml version=\"1.0\"?>\r\n" 276c294 < gboolean ret = sipe_svc_https_request(sipe_private, --- > ret = sipe_svc_https_request(sipe_private,
You are probably correct, WS-Addressing states that
wsa:MessageID
is mandatory withwsa:ReplyTo
.But I guess the content doesn't seem to be important, correct?
Fixed by commit 45447f0