
Comments (6)

mcguinness commented on July 26, 2024

I recently updated package dependencies. Can you try downgrading to "samlp": "0.14.0" and let me know if that resolves your issue?

from saml-idp.

mcguinness commented on July 26, 2024

I am also able to validate the SAMLResponse message using https://www.samltool.com/validate_xml.php

<samlp:Response 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    ID="_aa83e2f0dfe8f5e88bd2"  
    Version="2.0" 
    IssueInstant="2017-03-13T18:32:26Z"  
    Destination="http://rain.okta1.com:1802/sso/saml2/0oamy8gz2llVopxdr0g3">
    <saml:Issuer 
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:example:idp
    </saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode 
            Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion 
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
        Version="2.0" 
        ID="_N8LJ6lUAMesfj737QVJdrqgLRz1vWStS" 
        IssueInstant="2017-03-13T18:32:26.447Z">
        <saml:Issuer>urn:example:idp</saml:Issuer>
        <Signature 
            xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod 
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <SignatureMethod 
                    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <Reference 
                    URI="#_N8LJ6lUAMesfj737QVJdrqgLRz1vWStS">
                    <Transforms>
                        <Transform 
                            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <Transform 
                            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transforms>
                    <DigestMethod 
                        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <DigestValue>3uH/E6SEIIXrsgIbdTXWE+
                        1MsxbJDO3WrhdvRD1eigw=
                    </DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>Pk/mN460VklvC2irnhLRT5txIjeZj6M7rMW6UFK8tOzZRqcnsmFwm3Uh0+SzFVkdTZm8HDKtMNiBGgZZ9dKBlwaEHvZN2lC0ngFxp2+fZQZuAp9LQC6hVqJgyJAHyRZ4Pz9cJFzEAqCCEzTo4i8/ssMbQ/aFrYBc1N0LYBLmPSZUdqH7TXxGo3VBKmsoW/414nf3N1cHV2hu4s45bk7bjaF1K6jrCEN9Qr/sK3HjxSfYuCWeDxW5mcfq3BsqI88hJ0rqPqm0LJqsivH8tmD138ndTG8e/0dTwR+
                es3VQC6YIaEDLD0tyPvRMlFPoOpjb1pgr98lsc31RFRoU9oxHVw==
            </SignatureValue>
            <KeyInfo>
                <X509Data>
                    <X509Certificate>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
                        iQQ==
                    </X509Certificate>
                </X509Data>
            </KeyInfo>
        </Signature>
        <saml:Subject>
            <saml:NameID 
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]
            </saml:NameID>
            <saml:SubjectConfirmation 
                Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData 
                    NotOnOrAfter="2017-03-13T19:32:26.447Z" 
                    Recipient="http://rain.okta1.com:1802/sso/saml2/0oamy8gz2llVopxdr0g3"/>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions 
            NotBefore="2017-03-13T18:32:26.447Z" 
            NotOnOrAfter="2017-03-13T19:32:26.447Z">
            <saml:AudienceRestriction>
                <saml:Audience>https://www.okta.com/saml2/service-provider/spijgdcsgapqcemslqbw</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AttributeStatement 
            xmlns:xs="http://www.w3.org/2001/XMLSchema" 
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <saml:Attribute 
                Name="firstName" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">Saml
                </saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute 
                Name="lastName" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">Jackson
                </saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute 
                Name="displayName" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">saml jackson
                </saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute 
                Name="email" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">[email protected]
                </saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute 
                Name="mobilePhone" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">+1-415-555-5141
                </saml:AttributeValue>
            </saml:Attribute>
            <saml:Attribute 
                Name="groups" 
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
                <saml:AttributeValue 
                    xsi:type="xs:string">Simple IdP Users
                </saml:AttributeValue>
                <saml:AttributeValue 
                    xsi:type="xs:string"> West Coast Users
                </saml:AttributeValue>
                <saml:AttributeValue 
                    xsi:type="xs:string"> Cloud Users
                </saml:AttributeValue>
            </saml:Attribute>
        </saml:AttributeStatement>
        <saml:AuthnStatement 
            AuthnInstant="2017-03-13T18:32:26.447Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>


graaff commented on July 26, 2024

This looks like it might be auth0/node-samlp#42


mcguinness commented on July 26, 2024

Thanks! I just pushed an update to rev the dependency to latest which will hopefully fix this.


mokxter commented on July 26, 2024

Is this issue still open? I'm currently considering using this package. :)


GreenGremlin commented on July 26, 2024

I experienced a similar error, though the error is pretty generic, so the cause could be completely different. Mine turned out to be caused by my config not including any user attributes, which was resulting in an assertion that included an empty AttributeStatement element. I put up a PR with the fix.
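
Added example (not part of the thread and not saml-idp or samlp code): a structural lint for the failure described in the comment above, since the SAML 2.0 assertion schema requires an AttributeStatement to contain at least one Attribute or EncryptedAttribute. It also checks that each enveloped signature's Reference URI names the assertion that carries it; it does not verify the signature itself, and the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def lint_assertions(xml_text):
    """Return (assertion_id, finding) tuples for every saml:Assertion found."""
    root = ET.fromstring(xml_text)
    findings = []
    for assertion in root.iter("{%s}Assertion" % NS["saml"]):
        aid = assertion.get("ID", "")
        # Schema rule: AttributeStatement needs >= 1 Attribute or EncryptedAttribute.
        for stmt in assertion.findall("saml:AttributeStatement", NS):
            if not (stmt.findall("saml:Attribute", NS)
                    or stmt.findall("saml:EncryptedAttribute", NS)):
                findings.append((aid, "empty AttributeStatement"))
        # An enveloped signature must reference the assertion that contains it.
        for ref in assertion.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS):
            if ref.get("URI") != "#" + aid:
                findings.append(
                    (aid, "Reference URI %r does not match assertion ID" % ref.get("URI")))
    return findings

def sample(attr_body, ref_uri):
    # Constructed input; digest and signature values are omitted because
    # only the document structure is inspected here.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
        '<Reference URI="%s"/></SignedInfo></Signature>'
        '<saml:AttributeStatement>%s</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>' % (ref_uri, attr_body)
    )

# Constructed attribute used by the well-formed sample.
ATTR = ('<saml:Attribute Name="email"><saml:AttributeValue>user@example.com'
        '</saml:AttributeValue></saml:Attribute>')

if __name__ == "__main__":
    cases = [("ok", sample(ATTR, "#_a1")),
             ("no user attributes", sample("", "#_a1")),
             ("foreign reference", sample(ATTR, "#_other"))]
    for label, doc in cases:
        print(label, lint_assertions(doc))
```
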
