I'm using the saml-idp gem as an IDP and using destroy_user_sso_session_path to sign out of the SP and IDP, but the logout request has been rejected by the IDP with the message `Signature is invalid.`
This is my saml configuration below:
```ruby
config.saml_configure do |settings|
  settings.assertion_consumer_service_url = "#{saml_sp_host}/users/saml/auth"
  settings.assertion_consumer_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  settings.name_identifier_format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
  settings.sp_entity_id = "#{saml_sp_host}/users/saml/metadata"
  settings.idp_sso_service_url = "#{saml_idp_host}/saml/auth"
  settings.idp_slo_service_url = "#{saml_idp_host}/saml/logout"
  settings.idp_slo_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  settings.idp_cert = "-----BEGIN CERTIFICATE-----\n#{ENV["SAML_IDP_SECRET_KEY"]}\n-----END CERTIFICATE-----"
  settings.authn_context = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
  settings.single_logout_service_binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
  settings.security[:authn_requests_signed] = true
  settings.security[:logout_requests_signed] = true
  settings.security[:logout_responses_signed] = true
  settings.security[:metadata_signed] = true
  settings.security[:digest_method] = XMLSecurity::Document::SHA1
  settings.security[:signature_method] = XMLSecurity::Document::RSA_SHA1
  settings.security[:embed_sign] = false
  settings.security[:want_assertions_signed] = true
end
```
This is my logout request encoded XML:
```
fZFNS8QwEIb/Sm85xU7TrzRsC8IiLKweVDx4WdI06xbapGam4M+33XpYFLwEMrzPPDPJDvU4TOroP/xMz/ZztkjRfjl6p6n3rmYXoknF8eCNHi4eSaUAEK/YUlspFh32NTtBAnDOZcqFzCXPdGp4m3XAs7LIKp2ci6SslijibA8OSTuqmQCR8iThonyFSgGoPHln0ZsNeFWLO2DR1zg4VKuvZnNwymvsUTk9WlRk1Mv941EtQaURbVhHvkWm/5kpePLGD6zZrWl1nS40f1aWICGel/64LT5a0p0mvYtvsa3H02I57KMHH0ZN/+vXSt/x8zWqKGiHvXXEmpNoy7I1puVdlRc8AymXx7SWF7lsjRBSSGN/5Juv2W6/frL5Bg==
```
Have I made a mistake or missed something?
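
For local diagnosis of a rejected HTTP-Redirect logout request, the following added example (not code from this issue or from either gem) reproduces how that binding encodes and signs a message per the SAML 2.0 bindings specification. All function names, the throwaway keys and the sample LogoutRequest are constructed for illustration; the sample signs with rsa-sha256, and the lookup table also covers the rsa-sha1 value selected in the configuration above.

```ruby
require "openssl"
require "base64"
require "zlib"
require "cgi"

# SigAlg URI -> digest. rsa-sha1 is what RSA_SHA1 in the configuration above selects.
DIGESTS = {
  "http://www.w3.org/2000/09/xmldsig#rsa-sha1" => "SHA1",
  "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" => "SHA256"
}.freeze

# HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64.
def deflate_encode(xml)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  Base64.strict_encode64(z.deflate(xml, Zlib::FINISH))
end

def decode_inflate(b64)
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(Base64.decode64(b64))
end

# The signature covers this string, not the XML: URL-encoded values in this
# fixed order, with RelayState left out entirely when it is absent.
def signed_string(saml_request, relay_state, sig_alg)
  parts = ["SAMLRequest=#{CGI.escape(saml_request)}"]
  parts << "RelayState=#{CGI.escape(relay_state)}" if relay_state
  parts << "SigAlg=#{CGI.escape(sig_alg)}"
  parts.join("&")
end

def sign_redirect(key, saml_request, relay_state, sig_alg)
  digest = OpenSSL::Digest.new(DIGESTS.fetch(sig_alg))
  Base64.strict_encode64(key.sign(digest, signed_string(saml_request, relay_state, sig_alg)))
end

def valid_redirect_signature?(pub, saml_request, relay_state, sig_alg, sig_b64)
  digest = OpenSSL::Digest.new(DIGESTS.fetch(sig_alg))
  pub.verify(digest, Base64.decode64(sig_b64), signed_string(saml_request, relay_state, sig_alg))
end

# Constructed sample: throwaway keys and a minimal LogoutRequest.
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SP_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_XML = '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed" Version="2.0"/>'
REQ = deflate_encode(SAMPLE_XML)
SIG = sign_redirect(SP_KEY, REQ, nil, SIG_ALG)
puts valid_redirect_signature?(SP_KEY.public_key, REQ, nil, SIG_ALG, SIG)    # matching key
puts valid_redirect_signature?(OTHER_KEY.public_key, REQ, nil, SIG_ALG, SIG) # different key
```

A verifier should check the signature against the percent-encoded query values exactly as received, because re-encoding them can change the bytes that were signed.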