samltest.id - Assertions must be signed #83

Open
AntoineLemaire opened this issue Oct 17, 2019 · 1 comment

@AntoineLemaire

I'm trying to configure https://samltest.id/ to test my app

So I configured the symfony-bridge:

light_saml_symfony_bridge:
    own:
        entity_id: "http://my_domain.loc"
        entity_descriptor_provider:
            id: my_entity_descriptor
        credentials:
            -
                certificate: '%saml.certificate%'
                key:         '%saml.key%'
                password:    ~
    party:
        idp:
            files: 
                - '%kernel.root_dir%/../src/App/Resources/metadata/samltest_metadata.xml'
    store:
        id_state: id_store

The samltest_metadata.xml has been downloaded from https://samltest.id/saml/idp

For the certificate & key, I tried to generate some with OpenSSL:
openssl req -new -x509 -days 365 -nodes -sha256 -out saml.crt -keyout saml.pem

But I don't get what metadata I should upload to https://samltest.id/upload.php to be able to test it.

I tried that:

<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://my_domain.loc">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://my_domain.loc/saml/login_check"/>
  </SPSSODescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://my_domain.loc"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://my_domain.loc"/>
  </IDPSSODescriptor>
</EntityDescriptor>

I'm correctly redirected to samltest.id for login, but when I come back to my application, I get an error: Assertions must be signed - LightSamlContextException

Does someone know what I did wrong?
Thanks for helping
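
One way to see which part of the IdP's reply actually carries a signature when the SP reports "Assertions must be signed". This is an added example, not part of the original issue and not LightSAML code. It is a Python diagnostic over the base64 `SAMLResponse` form field; the function names and the stub sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_placement(saml_response_b64):
    """Locate ds:Signature elements in a base64 SAMLResponse (HTTP-POST binding).

    Diagnostic only: it does not verify any signature. Only direct children
    are inspected, so a Signature nested elsewhere is not counted.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": len(assertions),
        "assertions_signed": sum(
            a.find("ds:Signature", NS) is not None for a in assertions),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def verdict(r):
    """Map the placement report to what an SP requiring signed assertions sees."""
    if r["encrypted_assertions"] and not r["assertions"]:
        return "encrypted: decrypt first, then look for the assertion signature"
    if r["assertions"] and r["assertions_signed"] == r["assertions"]:
        return "assertion-signed"
    if r["response_signed"]:
        return "response-signed only: assertion itself carries no signature"
    return "unsigned"

# Constructed sample inputs: empty stub elements, no real signatures or keys.
_OPEN = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
         'xmlns:ds="%(ds)s">' % NS)

def sample(inner):
    return base64.b64encode((_OPEN + inner + "</samlp:Response>").encode()).decode()

RESPONSE_ONLY = sample("<ds:Signature/><saml:Assertion/>")
ASSERTION_SIGNED = sample("<saml:Assertion><ds:Signature/></saml:Assertion>")
ENCRYPTED = sample("<ds:Signature/><saml:EncryptedAssertion/>")

if __name__ == "__main__":
    for name in ("RESPONSE_ONLY", "ASSERTION_SIGNED", "ENCRYPTED"):
        print(name, "->", verdict(signature_placement(globals()[name])))
```

To use it on a real login, pass the `SAMLResponse` value posted to the AssertionConsumerService URL, as captured from the browser's network tab.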

@theNailz

FYI: I did get the flow working with https://capriza.github.io/samling/samling.html, but not with https://samltest.id/ or https://stubidp.sustainsys.com/
