1. Re: Strange invalid Signature in SAML Assertion
stephan68 Dec 7, 2012 9:00 AM (in response to stephan68)That's the created assertion:
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 Assertion with an enveloped XML-DSig. Review comments are placed only at
     element-only positions and never inside dsig:SignedInfo: the Reference transform chain
     below uses exc-c14n *without* comments, so comments elsewhere do not alter the
     DigestValue, but SignedInfo is canonicalized WithComments and must stay untouched. -->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s21c382e142398ef50ce94892f6056ed6de020a27d" IssueInstant="2012-12-07T14:57:59.016+01:00" Version="2.0">
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="https://some.url.com">eZOuCF+zGDyKB3UbmE6QXt3bkAio</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<!-- NOTE(review): NotOnOrAfter equals IssueInstant (14:57:59.016+01:00), so the bearer
     confirmation expires at the moment the assertion is issued; a relying party that
     applies no clock-skew allowance will reject it as expired on arrival. -->
<saml:SubjectConfirmationData InResponseTo="responseID" NotOnOrAfter="2012-12-07T14:57:59.016+01:00" Recipient="https://some.url.com/saml/SP/AssertionConsumerService"/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- NOTE(review): NotBefore and NotOnOrAfter carry the same instant, giving a zero-length
     validity window. Independently of the signature problem, this window should be
     NotBefore <= now < NotOnOrAfter with a few minutes of tolerance. -->
<saml:Conditions NotBefore="2012-12-07T14:57:59.016+01:00" NotOnOrAfter="2012-12-07T14:57:59.016+01:00">
<saml:AudienceRestriction>
<saml:Audience>https://some.url.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2012-12-07T14:57:59.016+01:00" SessionIndex="s2264354343fd33a0827ed381021027deb36c1ff01">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<!-- Each AttributeValue re-declares the xs/xsi prefixes locally; exc-c14n only emits
     namespace declarations that are visibly utilized, so these repeats are harmless
     to the digest but would be tidier declared once on the root element. -->
<saml:AttributeStatement>
<saml:Attribute Name="Group">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">users</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="GroupType">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">the-group</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Nachname">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Lastname</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Role">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">plain</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="UniqueID">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">1000172</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Vorname">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">first-name</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<!-- Enveloped signature over the whole Assertion: the Reference URI below points at
     Assertion/@ID, and the enveloped-signature transform removes this dsig:Signature
     element before digesting. The DigestValue is computed over the canonicalized bytes
     as received, so any re-serialization after signing (pretty-printing, reordering or
     re-declaring namespaces, encoding changes) yields a different digest - presumably the
     first thing to rule out for an "invalid signature"; confirm against the verifier's log.
     SignedInfo is canonicalized WithComments while the Reference uses exc-c14n without
     comments; that mismatch is legal, but the two algorithms differ and both sides must
     implement exactly what is declared. SHA-1 and RSA-SHA1 are the algorithms declared
     here; they are widely deprecated, so check that the relying party still accepts them. -->
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference URI="#s21c382e142398ef50ce94892f6056ed6de020a27d">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>nW/nIgYpHmu8TaEGyNlTCLPNSsM=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>dCZ2haoMJbjk6r7YLO+Z70EHge/i5xxmP/bSIOashxmpAs7kyilnjlPN10I7vgOBeA89d+KcQ9lU
CNrDlwauB7sFLsMt2VDR+A7uHWTeIjyceTlG1pmwI9THgnOveYzpV9LfhxkWaMuttnJWX7q+e9Dy
RXenksBLH73eG2u6SCY=</dsig:SignatureValue>
<!-- KeyInfo carries a bare RSA public key (RSAKeyValue), not a certificate. A verifier
     must match this key against the IdP key it already trusts (e.g. from metadata) and
     never trust the embedded value on its own - a key shipped inside the message cannot
     vouch for the message. -->
<dsig:KeyInfo>
<dsig:KeyValue>
<dsig:RSAKeyValue>
<dsig:Modulus>ohszr7eLZuc73cQUoN65AY39WLA5vAnvSPbFSEDWKB72VZJw48Ls8uYDK52jcEb1b7kCTmvxj20K
iiRgyyq1WcZULfuysJuzlkH3fhSxyNSnxGVC2k4F9FhSyDYgeVXrnfNSuv+zxaIZm7Lt/CmnUm8F
S3T25DQPbyHxycbdOvM=</dsig:Modulus>
<dsig:Exponent>AQAB</dsig:Exponent>
</dsig:RSAKeyValue>
</dsig:KeyValue>
</dsig:KeyInfo>
</dsig:Signature>
</saml:Assertion>
{code:xml}