SAMLResponse validation error #557

@tve

The SAMLResponse below raises ERR_FAILED_TO_VERIFY_SIGNATURE whether I use @authenio/samlify-xmllint-wasm or @authenio/samlify-xsd-schema-validator. When I paste the response into https://www.samltool.com/validate_xml.php it comes out as valid.

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://www.sensorgnome.net/saml/attr" ID="id-d60d0534-fbcf-483f-8070-2b9bff832d8b" InResponseTo="_ebf77387-3456-4911-a41e-f5fe5b6252b5" IssueInstant="2024-12-20T18:18:51.952Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.motus.org</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-d60d0534-fbcf-483f-8070-2b9bff832d8b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>6mz343wl3fk+58z4uOEHSkE4xr+U5LiTwOo9CJCEnm8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
pILxjU7nWcv+8A3lBBgaEjiXDqPwM99LfVnhGSZ/dMP+OMPD04OhffpAscS6joicwuRfkUt3UOek&#13;
LrPsg7qNIA/tk/6LToWdSGGS2ybg+9ULK+PVZlF2ndO5XxZ+KuBPh5lE64+2v/cBVyCwVI4846HY&#13;
Eq5Pb308aAvyb8MW1UedCvd0dAbuoDPOxZ8kZ/DFfm8Iqw1lOeLJojs1c2OYSC8iqn+Ns17mvq+1&#13;
DpFd/ZDkNbWHjbxpLlqU0KT3FcNWaLI0seD7HPZ0tqHZvMwNuFnF2yciBQa4S6tyUnjkEaTjexl6&#13;
Iqs3cR74vnP6BoxxY5bJNqU1rZlN1l91LcAIsA==
</ds:SignatureValue>
</ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-cd6b5e74-b2c4-4066-be39-30b46becb5f5" IssueInstant="2024-12-20T18:18:51.952Z" Version="2.0"><saml2:Issuer>https://sandbox.motus.org</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-cd6b5e74-b2c4-4066-be39-30b46becb5f5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>mVrI1h5iZqdKHAs/oPqw9YpiddZRMZmurEpcLEFuhgo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
VydrOcXUfv80wbJ8fqXiKpL7PRGu58LmGP5ovpITjt4dmMIMmTSMUKF3L5XRtQdTFcfGctvX3YUA&#13;
oixLAhnq5cRCL2vQrAFpyvPdxFMj08OC3zHmjxxiKLQLugin+y3hdNlpNhjMwOXSOmvGN7Qm2hdA&#13;
rQMDYqlFQ6Q42bvn6Tb5CwMNsXaPMqZHZ5PPFzUjwYIc8cCF1dGHaAseUdrm3ACSxDtbyEGBiFqA&#13;
n4abGDslRNoX5TziiV4WnQeMhS7RraDdFUs6FxzSz7iSo01aioxczBTtBRVaqcmoMzDhIT/UC18F&#13;
pP1U+YEm6rNOgoeT1TV0fmnargWrATG3bvKBRw==
</ds:SignatureValue>
</ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">27319</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_ebf77387-3456-4911-a41e-f5fe5b6252b5"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotOnOrAfter="2024-12-20T18:28:51.935Z"><saml2:AudienceRestriction><saml2:Audience>https://www.sensorgnome.net</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2024-12-20T18:18:51.934Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute Name="Email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml2:AttributeValue>[email protected]</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="EditProjects" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml2:AttributeValue>349,2,1,460,565</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="Name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml2:AttributeValue>Thorsten von Eicken</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
