Comments (6)
I recently updated package dependencies. Can you try downgrading to "samlp": "0.14.0"
and let me know if that resolves your issue?
from saml-idp.
I am also able to validate the SAMLResponse message using https://www.samltool.com/validate_xml.php
<samlp:Response
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_aa83e2f0dfe8f5e88bd2"
Version="2.0"
IssueInstant="2017-03-13T18:32:26Z"
Destination="http://rain.okta1.com:1802/sso/saml2/0oamy8gz2llVopxdr0g3">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:example:idp
</saml:Issuer>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Version="2.0"
ID="_N8LJ6lUAMesfj737QVJdrqgLRz1vWStS"
IssueInstant="2017-03-13T18:32:26.447Z">
<saml:Issuer>urn:example:idp</saml:Issuer>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference
URI="#_N8LJ6lUAMesfj737QVJdrqgLRz1vWStS">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>3uH/E6SEIIXrsgIbdTXWE+
1MsxbJDO3WrhdvRD1eigw=
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Pk/mN460VklvC2irnhLRT5txIjeZj6M7rMW6UFK8tOzZRqcnsmFwm3Uh0+SzFVkdTZm8HDKtMNiBGgZZ9dKBlwaEHvZN2lC0ngFxp2+fZQZuAp9LQC6hVqJgyJAHyRZ4Pz9cJFzEAqCCEzTo4i8/ssMbQ/aFrYBc1N0LYBLmPSZUdqH7TXxGo3VBKmsoW/414nf3N1cHV2hu4s45bk7bjaF1K6jrCEN9Qr/sK3HjxSfYuCWeDxW5mcfq3BsqI88hJ0rqPqm0LJqsivH8tmD138ndTG8e/0dTwR+
es3VQC6YIaEDLD0tyPvRMlFPoOpjb1pgr98lsc31RFRoU9oxHVw==
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDPDCCAiQCCQDydJgOlszqbzANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEQMA4GA1UEChMHSmFua3lDbzESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDMxMjE5NDYzM1oXDTI3MTExOTE5NDYzM1owYDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoTB0phbmt5Q28xEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGvJpRTTasRUSPqcbqCG+ZnTAurnu0vVpIG9lzExnh11o/BGmzu7lB+yLHcEdwrKBBmpepDBPCYxpVajvuEhZdKFx/Fdy6j5mH3rrW0Bh/zd36CoUNjbbhHyTjeM7FN2yF3u9lcyubuvOzr3B3gX66IwJlU46+wzcQVhSOlMk2tXR+fIKQExFrOuK9tbX3JIBUqItpI+HnAow509CnM134svw8PTFLkR6/CcMqnDfDK1m993PyoC1Y+N4X9XkhSmEQoAlAHPI5LHrvuujM13nvtoVYvKYoj7ScgumkpWNEvX652LfXOnKYlkB8ZybuxmFfIkzedQrbJsyOhfL03cMECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAeHwzqwnzGEkxjzSD47imXaTqtYyETZow7XwBc0ZaFS50qRFJUgKTAmKS1xQBP/qHpStsROT35DUxJAE6NY1Kbq3ZbCuhGoSlY0L7VzVT5tpu4EY8+Dq/u2EjRmmhoL7UkskvIZ2n1DdERtd+YUMTeqYl9co43csZwDno/IKomeN5qaPc39IZjikJ+nUC6kPFKeu/3j9rgHNlRtocI6S1FdtFz9OZMQlpr0JbUt2T3xS/YoQJn6coDmJL5GTiiKM6cOe+Ur1VwzS1JEDbSS2TWWhzq8ojLdrotYLGd9JOsoQhElmz+tMfCFQUFLExinPAyy7YHlSiVX13QH2XTu/
iQQ==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]
</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData
NotOnOrAfter="2017-03-13T19:32:26.447Z"
Recipient="http://rain.okta1.com:1802/sso/saml2/0oamy8gz2llVopxdr0g3"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions
NotBefore="2017-03-13T18:32:26.447Z"
NotOnOrAfter="2017-03-13T19:32:26.447Z">
<saml:AudienceRestriction>
<saml:Audience>https://www.okta.com/saml2/service-provider/spijgdcsgapqcemslqbw</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AttributeStatement
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:Attribute
Name="firstName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">Saml
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute
Name="lastName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">Jackson
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute
Name="displayName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">saml jackson
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute
Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">[email protected]
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute
Name="mobilePhone"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">+1-415-555-5141
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute
Name="groups"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">Simple IdP Users
</saml:AttributeValue>
<saml:AttributeValue
xsi:type="xs:string"> West Coast Users
</saml:AttributeValue>
<saml:AttributeValue
xsi:type="xs:string"> Cloud Users
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<saml:AuthnStatement
AuthnInstant="2017-03-13T18:32:26.447Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
from saml-idp.
This looks like it might be auth0/node-samlp#42
from saml-idp.
Thanks! I just pushed an update to rev the dependency to latest which will hopefully fix this.
from saml-idp.
Is this issue still open? I'm currently considering to use this package. :)
from saml-idp.
I experienced a similar error, though the error is pretty generic, so the cause could be completely different. Mine turned out to be caused by my config not including any user attributes, which was resulting in an assertion that included an empty AttributeStatement element. I put up a PR with the fix.
from saml-idp.
Related Issues (20)
- Not really clear how to use HOT 3
- "Invalid Session Participant" - incorrect session index exception HOT 1
- Getting 404 for all `bower_components` HOT 3
- Docker Compose build command fails with "Maximum call stack size exceeded" error HOT 2
- recommend samltest.id as demo HOT 1
- Is it possible to serve /metadata in human readable format? HOT 1
- Allowing commas in multiValue values
- Returning `httpServer` object from `runServer` HOT 2
- Bump dependency `node-samlp` HOT 1
- next is not a function HOT 2
- 'Invalid Session Participant' on SLO request despite the sessionIndex having the same value as in the authentication response HOT 1
- IDP Server cannot be stopped gracefully in jest integration tests HOT 1
- docker-compose.yml not compatible with Docker Compose v2?
- Assertion encryption not working. HOT 3
- Loosen `parseSamlRequest` and `showUser` HOT 1
- Release new version to NPM?
- CORS errors? HOT 5
- Yarn audit issues
- Can I use for testing with Keycloak? HOT 1
- Production Support HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from saml-idp.