
J'ai développé un IdP SAML personnalisé pour l'un de nos clients. Toutefois, lorsque j'essaie de transmettre la réponse suivante au SP, elle est rejetée. J'ai essayé de valider la réponse avec certains des outils SAML disponibles en ligne : ils signalent quelques erreurs, mais je n'arrive pas à comprendre ce qui ne va pas. Quelqu'un peut-il m'aider, s'il vous plaît ? (Titre : Réponse SAML XML non valide)

<!-- Review notes on this SAML 2.0 Response (samltool.com reports ds:Signature "not expected"
     at the end of the Assertion):
     1. Schema order: inside saml:Assertion the ds:Signature element must come immediately
        after saml:Issuer (i.e. before saml:Subject), not after saml:AttributeStatement as it
        does below. The same ordering applies if the Response itself is signed
        (Issuer, Signature, Status, Assertion).
     2. Re-sign after moving it: the DigestValue/SignatureValue below were computed over the
        assertion as serialized here (enveloped-signature + exclusive C14N). Reordering the
        element changes the canonicalized bytes, so the IdP must regenerate both values;
        they cannot be copied across by hand.
     3. Algorithms: SignatureMethod rsa-sha1 and DigestMethod sha1 are deprecated and many
        SPs reject SHA-1 signatures outright. Prefer rsa-sha256 / sha256.
     4. Issuer: both Issuer elements carry the SP's metadata URL, which is also the Audience.
        An assertion's Issuer is normally the IdP's own entityID as registered at the SP;
        presumably that is not the SP's metadata URL. Confirm against the SP configuration.
     5. Only the Assertion is signed; the outer Response carries no Signature. Whether that is
        acceptable depends on the SP's signing policy (not shown here).
     The comments in this listing sit outside the signed Assertion subtree on purpose. -->
<Response xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
     ID="_8ad9eb0c-c65c-4327-ae76-ae238ca17e96" 
     Version="2.0" 
     IssueInstant="2017-06-28T13:53:06.9612024Z" 
     Destination="https://crnm.lessonly.com/auth/saml/callback" 
     xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
     > 
<!-- Response-level Issuer: expected to identify the IdP, see note 4 above. -->
<saml:Issuer>https://crnm.lessonly.com/auth/saml/metadata</saml:Issuer> 
<Status> 
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> 
</Status> 
<!-- Signed subtree starts here. Do not reorder or reformat anything inside it without
     re-signing: the Reference below points at this Assertion's ID and the digest covers
     its canonicalized content. Per the SAML schema, ds:Signature belongs right after
     saml:Issuer (note 1); in this sample it is the last child of the Assertion. -->
<saml:Assertion Version="2.0" 
       ID="_4761e320-64e8-4d8a-a443-2e4e2ccb3e98" 
       IssueInstant="2017-06-28T13:53:06.9612024Z" 
       > 
    <saml:Issuer>https://crnm.lessonly.com/auth/saml/metadata</saml:Issuer> 
    <saml:Subject> 
     <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]</saml:NameID> 
     <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
      <saml:SubjectConfirmationData Recipient="https://crnm.lessonly.com/auth/saml/callback" 
              NotOnOrAfter="2017-06-28T13:58:06.9768269Z" 
              /> 
     </saml:SubjectConfirmation> 
    </saml:Subject> 
    <saml:Conditions NotBefore="2017-06-28T13:53:06.9768269Z" 
        NotOnOrAfter="2017-06-28T13:58:06.9768269Z" 
        > 
     <saml:AudienceRestriction> 
      <saml:Audience>https://crnm.lessonly.com/auth/saml/metadata</saml:Audience> 
     </saml:AudienceRestriction> 
    </saml:Conditions> 
    <saml:AuthnStatement AuthnInstant="2017-06-28T13:53:06.9768269Z" 
         SessionIndex="_4761e320-64e8-4d8a-a443-2e4e2ccb3e98" 
         > 
     <saml:AuthnContext> 
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef> 
     </saml:AuthnContext> 
    </saml:AuthnStatement> 
    <saml:AttributeStatement> 
     <saml:Attribute Name="UserID" 
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" 
         > 
      <saml:AttributeValue xsi:type="xsd:string">125481</saml:AttributeValue> 
     </saml:Attribute> 
     <saml:Attribute Name="email" 
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" 
         > 
      <saml:AttributeValue xsi:type="xsd:string">[email protected]</saml:AttributeValue> 
     </saml:Attribute> 
     <saml:Attribute Name="first_name" 
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" 
         > 
      <saml:AttributeValue xsi:type="xsd:string">Angel1</saml:AttributeValue> 
     </saml:Attribute> 
     <saml:Attribute Name="last_name" 
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" 
         > 
      <saml:AttributeValue xsi:type="xsd:string">Milev1</saml:AttributeValue> 
     </saml:Attribute> 
     <saml:Attribute Name="name" 
         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" 
         > 
      <saml:AttributeValue xsi:type="xsd:string">Angel1 Milev1</saml:AttributeValue> 
     </saml:Attribute> 
    </saml:AttributeStatement> 
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
     <SignedInfo> 
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <Reference URI="#_4761e320-64e8-4d8a-a443-2e4e2ccb3e98"> 
       <Transforms> 
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> 
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </Transforms> 
       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
       <DigestValue>UB/5XN1dGa2/w0aKRmmq2oFvbOE=</DigestValue> 
      </Reference> 
     </SignedInfo> 
     <SignatureValue>JTkUhfmk2ngPQnFtSC41WQodJj0MyCHw8oCJbEQE32vgViV4ucVvaim4jKMMD6B7JIkvCtuyu8II5h6oJOSsXQK0x03hlQFqpdgj/1Be53v9H90PWTgJ1mr41jF2AQTgAcdJmuV05oI23KxI+5jNFifri+POHSEfRU+k0Phyh+UTA2DlhFnbn5DAjzhnIu4e+L35QJBCSwZy7zT+NDr7dzL/JLAQOC79PlaM4cbjn9ri2bUwS3T1QFMQqsxGOl+ggaAwGWWNQlCV2Se2tZ1rLVUpZ5lB611GIbysBmghy5gtDe3htDHsp8IkuJnRf4lndjral7FVmZ1pdPhdK7HTgTA=</SignatureValue> 
     <KeyInfo> 
      <X509Data> 
       <X509Certificate>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</X509Certificate> 
      </X509Data> 
     </KeyInfo> 
    </Signature> 
</saml:Assertion> 
<!-- End of signed subtree. Note that the Response itself carries no Signature (note 5). -->
</Response> 

En utilisant le validateur de samltool.com, j'obtiens l'erreur suivante :

Le XML est invalide.

Ligne : 69 | Colonne : 0 -> Element '{http://www.w3.org/2000/09/xmldsig#}Signature' : cet élément n'est pas attendu à cet endroit (validation XSD).


Salut, merci de créer une nouvelle question pour ce nouveau problème et de marquer celle-ci comme résolue. Cela aidera les autres à trouver leurs réponses plus facilement –



Le schéma XSD de SAML 2.0 exige que l'élément `ds:Signature` soit placé immédiatement après l'élément `saml:Issuer` (donc avant `saml:Subject`) dans l'assertion, et non à la fin comme dans votre réponse ; c'est exactement ce que signale le validateur. La même règle s'applique si vous signez la réponse elle-même : `Issuer`, puis `Signature`, puis `Status`. Attention : déplacer l'élément modifie le contenu canonisé (transformations enveloped-signature + exc-c14n), donc `DigestValue` et `SignatureValue` doivent être recalculés par l'IdP après le déplacement, pas recopiés. Au passage, `rsa-sha1` / `sha1` sont dépréciés et refusés par de nombreux SP : préférez `rsa-sha256` / `sha256`. Vérifiez aussi la valeur de `Issuer` : ici elle est identique à l'URL de métadonnées du SP (qui est aussi l'`Audience`), alors qu'elle doit normalement être l'entityID de votre IdP tel qu'il est configuré côté SP.


Cela a fonctionné, merci beaucoup! Maintenant, il y a de nouvelles erreurs que je dois comprendre :) –