djangosaml2 icon indicating copy to clipboard operation
djangosaml2 copied to clipboard
verified publisher icon IdentityPython

Authentication error, Access Denied ('message': 'Signature verification failed. Invalid document format.')

Open AyushTripathi-sketch opened this issue 1 year ago • 0 comments

I am getting Signature Error: {'message': 'Signature verification failed. Invalid document format.'.... on logging in. I have tried updating metadata, private keys and public certificate. Below is settings.py of SP

import os

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(file)))

SECRET_KEY = 'ar249h_c(@5#x)ha_vou=4%plz*#!*l=+4c^jbo6wi%8z222hg'

DEBUG = True

ALLOWED_HOSTS = ['*']

INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'djangosaml2', 'sp', ]

MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'djangosaml2.middleware.SamlSessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ]

ROOT_URLCONF = 'sp.urls'

TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ]

WSGI_APPLICATION = 'sp.wsgi.application'

DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), } }

AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ]

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True

STATIC_URL = '/static/'

import saml2 # noqa from saml2.saml import NAMEID_FORMAT_EMAILADDRESS # noqa from saml2.sigver import get_xmlsec_binary # noqa

AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', 'djangosaml2.backends.Saml2Backend', )

APPEND_SLASH = False LOGIN_URL = '/saml2/login/' LOGOUT_URL = '/logout/' LOGIN_REDIRECT_URL = '/' LOGOUT_REDIRECT_URL = '/'

SAML_CONFIG = { 'debug': DEBUG, 'xmlsec_binary': get_xmlsec_binary(['/opt/local/bin', '/usr/bin/xmlsec1']), 'entityid': 'http://localhost:8000/saml2/metadata/',

'service': {
    'sp': {
        'name': 'http://localhost:8000/saml2/metadata/',
        'endpoints': {
            'assertion_consumer_service': [
                ('http://localhost:8000/saml2/acs/', saml2.BINDING_HTTP_POST),
            ],
            'single_logout_service': [
                ('http://localhost:8000/saml2/ls/', saml2.BINDING_HTTP_REDIRECT),
                ('http://localhost:8000/saml2/ls/post/', saml2.BINDING_HTTP_POST),
            ],
        },
        'name_id_format': [NAMEID_FORMAT_EMAILADDRESS],
        'authn_requests_signed': True,
        'want_response_signed': True,
        'want_assertions_signed': True,
        'allow_unsolicited': True,
    },
},

'attribute_map_dir': os.path.join(os.path.join(os.path.join(BASE_DIR, 'sp'), 'saml2_config'), 'attribute-maps'),
'metadata': {
    'local': [os.path.join(os.path.join(os.path.join(BASE_DIR, 'sp'), 'saml2_config'), 'idp_metadata.xml')],
},
# Signing
'key_file': BASE_DIR + '/certificates/private.key',
'cert_file': BASE_DIR + '/certificates/public.cert',
# Encryption
'encryption_keypairs': [{
    'key_file': BASE_DIR + '/certificates/private.key',
    'cert_file': BASE_DIR + '/certificates/public.cert',
}],
'valid_for': 365 * 24,

}

SAML_USE_NAME_ID_AS_USERNAME = True SAML_DJANGO_USER_MAIN_ATTRIBUTE = 'username' SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP = '__iexact' SAML_CREATE_UNKNOWN_USER = True SAML_SESSION_COOKIE_NAME = 'saml_session' SESSION_COOKIE_SECURE = True

SAML_ATTRIBUTE_MAPPING = { # SAML: DJANGO # Must also be present in attribute-maps! 'email': ('email', ), 'first_name': ('first_name', ), 'last_name': ('last_name', ), 'is_staff': ('is_staff', ), 'is_superuser': ('is_superuser', ), }

Below is Complete error: Signature Error: {'message': 'Signature verification failed. Invalid document format.', 'ID': 'id-H1nZNj7ytWjTCBhHD', 'issuer': 'http://localhost:9000/idp/metadata/', 'type': 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', 'document': '\n<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="id-XOll0nIdmk6CqPaYF" InResponseTo="id-hPStOvJXXfEYmZvv7" Version="2.0" IssueInstant="2024-01-31T12:38:23Z" Destination="http://localhost:8000/saml2/acs/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:9000/idp/metadata/</saml:Issuer><ds:Signature Id="Signature1">ds:SignedInfo<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#id-XOll0nIdmk6CqPaYF">ds:Transforms<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>ds:DigestValueyUVFaoNxGqDxCcjoQfe/0T90aXnF5Y3MZQAbXVYJtm8=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueedvs93S6xfwgNR8N0DuhWDqFnVfllZ7okL5N+d41MevUVBRqdcPFLQsQJ/ODnYn2\nTJ6rLSJYqWHjQ0Ff37fa9/l4v5mKY8pea1kdc0j46Toksd1hDimJbFBKZf/hHTKp\nfObLhSUnz79Ugbpl8ZBcm9LjDvRKf5mj8WBkcq2JJWczboRK7FLHoarejiB5fSna\ntP3BFvpikpuxzp+77j5rO480pt+3Idon7X/Li2Wvr68zhKUU9hXJoFCpGoNmG8my\n9qM7+b4ad6A7/WUzjAGmza7eG+OR1fAYBXktdw9LiKTrnM1LKh0kJl1GApjcw9R3\nJk43SA51+lK2DDBNi0029A==</ds:SignatureValue>ds:KeyInfods:X509Datads:X509CertificateMIIDGTCCAgGgAwIBAgIUYzH/0OUykB/JguRApoCqInE+Gn4wDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRaWRwLmxvY2FsaG9zdC5jb20wHhcNMjQwMTI4MDYyMzIwWhcNMzQwMTI1MDYyMzIwWjAcMRowGAYDVQQDDBFpZHAubG9jYWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK28lypcIAayHhNYkMBHbQNHx3PkkUkFsLMBKoDYL/aq4pIJQ5IY2EidERaFbZDeKXoDY9aXiMmTcsh8Ea32sb4bHTrNxo+w66vCvSWDiGgradj6ZCxjXwR8lOImbNMBoNXKbdwA7X1vRCldtpqGo44NSPLqw3lRacywBbeNc28jFJXe4N0qyVDVrCTDHFulFHfaca6MjiUz+693uVcmoFfpe/YLKZ815NOA5KOBJNyl8OD4Bzkpu05xDnyrNE1IvPXBcwhL5iGVcGhRJJAoTOuAvHLNMploLqsd9uvrRshDZYJsMtlPBBl1HAWeG/nrHQccHNjiAcGO2fEGFGrAyOkCAwEAAaNTMFEwHQYDVR0OBBYEFGoG0/p7ULlBns5eULlsHbTPMRCoMB8GA1UdIwQYMBaAFGoG0/p7ULlBns5eULlsHbTPMRCoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADncox1Jxcyd/bKjBgvsIaSGEn1gNpFpOgy2nys0NAZ77bYoaIuTj0TW+MeIuXU2OS1HZt6jom3OnQLvs5kgfsCuVpFjatSOP/2tuoIM0BNQAPETBxCOkXVH+6HVmIzrypV/P9qrSCtWx2W0olP6B4+Q+Sd4dyiJM4v83jI9W1TjaQTqMunFUIm6uGQ7sUPzMsru7XIIdxYpKekHWxZVznVqHpKZixf1Pn32vuP0KLKhFFywJuXl9SEYJBa/NE4PnitsHgrtgqQaVZ4A6LdeUVtP5HhUJOuD9MAsINBYPQgjr4l4JiXYjxmQWOys2BrC1Du6zr3vxVb+GOw6Fh9UJkE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>samlp:Status<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>saml:EncryptedAssertion<encas2:Assertion xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="id-H1nZNj7ytWjTCBhHD" IssueInstant="2024-01-31T12:38:23Z"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:9000/idp/metadata/</encas2:Issuer><encas0:Signature Id="Signature1">encas0:SignedInfo<encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><encas0:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><encas0:Reference URI="#id-H1nZNj7ytWjTCBhHD">encas0:Transforms<encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>encas0:DigestValueQBKQa8E1qWDyr7AeWxap7U1mbeAIaGXLprKrOgxAkZg=</encas0:DigestValue></encas0:Reference></encas0:SignedInfo>encas0:SignatureValueVFGtuJy+UcNmACokCyMFgIps1XVSc/SHFjadIG5z+uaY5rnR0h1dc/uF0QlkxALL\nIvoWDv9PgTXsnIkty6qSiv5h+pMvLStyst3M33UcH3ShYUK6L3QspEVuxNi/SJFe\nHAaovvo0Jtg80mSOJwATDVUPF5Kcc2Qf63CTBK/wgbGGzBnoerpq6dEw3pdB7bXw\nmH7XTogMPGdg6zzOYcQvtqeFA1Oh8pGPuGRiFJ8DIkLo75UPtgvVPOotaIcSQsXt\nbt3CJA3e048we3eAQcCC4hY8f3eZ4TPKVKnML16hHfdmGQNpt9s1aw6bPJwt6yip\nhAszB1iTw5OqiOXnoKU5yQ==</encas0:SignatureValue>encas0:KeyInfoencas0:X509Dataencas0:X509CertificateMIIDGTCCAgGgAwIBAgIUYzH/0OUykB/JguRApoCqInE+Gn4wDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRaWRwLmxvY2FsaG9zdC5jb20wHhcNMjQwMTI4MDYyMzIwWhcNMzQwMTI1MDYyMzIwWjAcMRowGAYDVQQDDBFpZHAubG9jYWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK28lypcIAayHhNYkMBHbQNHx3PkkUkFsLMBKoDYL/aq4pIJQ5IY2EidERaFbZDeKXoDY9aXiMmTcsh8Ea32sb4bHTrNxo+w66vCvSWDiGgradj6ZCxjXwR8lOImbNMBoNXKbdwA7X1vRCldtpqGo44NSPLqw3lRacywBbeNc28jFJXe4N0qyVDVrCTDHFulFHfaca6MjiUz+693uVcmoFfpe/YLKZ815NOA5KOBJNyl8OD4Bzkpu05xDnyrNE1IvPXBcwhL5iGVcGhRJJAoTOuAvHLNMploLqsd9uvrRshDZYJsMtlPBBl1HAWeG/nrHQccHNjiAcGO2fEGFGrAyOkCAwEAAaNTMFEwHQYDVR0OBBYEFGoG0/p7ULlBns5eULlsHbTPMRCoMB8GA1UdIwQYMBaAFGoG0/p7ULlBns5eULlsHbTPMRCoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADncox1Jxcyd/bKjBgvsIaSGEn1gNpFpOgy2nys0NAZ77bYoaIuTj0TW+MeIuXU2OS1HZt6jom3OnQLvs5kgfsCuVpFjatSOP/2tuoIM0BNQAPETBxCOkXVH+6HVmIzrypV/P9qrSCtWx2W0olP6B4+Q+Sd4dyiJM4v83jI9W1TjaQTqMunFUIm6uGQ7sUPzMsru7XIIdxYpKekHWxZVznVqHpKZixf1Pn32vuP0KLKhFFywJuXl9SEYJBa/NE4PnitsHgrtgqQaVZ4A6LdeUVtP5HhUJOuD9MAsINBYPQgjr4l4JiXYjxmQWOys2BrC1Du6zr3vxVb+GOw6Fh9UJkE=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature>encas2:Subject<encas2:NameID SPNameQualifier="http://localhost:8000/saml2/metadata/" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Ayush</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-01-31T13:38:23Z" Recipient="http://localhost:8000/saml2/acs/" InResponseTo="id-hPStOvJXXfEYmZvv7"/></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-01-31T12:38:23Z" NotOnOrAfter="2024-01-31T13:38:23Z">encas2:AudienceRestrictionencas2:Audiencehttp://localhost:8000/saml2/metadata/</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-01-31T12:38:23Z" SessionIndex="id-iIjj2wnFQ2DE91srN">encas2:AuthnContextencas2:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:Password</encas2:AuthnContextClassRef></encas2:AuthnContext></encas2:AuthnStatement>encas2:AttributeStatement<encas2:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">[email protected]</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string"/></encas2:Attribute><encas2:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string"/></encas2:Attribute><encas2:Attribute Name="is_staff" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:boolean">true</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="is_superuser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:boolean">true</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></samlp:Response>\n'} XML parse error: {'message': 'Signature verification failed. Invalid document format.', 'ID': 'id-H1nZNj7ytWjTCBhHD', 'issuer': 'http://localhost:9000/idp/metadata/', 'type': 'urn:oasis:names:tc:SAML:2.0:assertion:Assertion', 'document': '\n<samlp:Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="id-XOll0nIdmk6CqPaYF" InResponseTo="id-hPStOvJXXfEYmZvv7" Version="2.0" IssueInstant="2024-01-31T12:38:23Z" Destination="http://localhost:8000/saml2/acs/"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:9000/idp/metadata/</saml:Issuer><ds:Signature Id="Signature1">ds:SignedInfo<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#id-XOll0nIdmk6CqPaYF">ds:Transforms<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>ds:DigestValueyUVFaoNxGqDxCcjoQfe/0T90aXnF5Y3MZQAbXVYJtm8=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueedvs93S6xfwgNR8N0DuhWDqFnVfllZ7okL5N+d41MevUVBRqdcPFLQsQJ/ODnYn2\nTJ6rLSJYqWHjQ0Ff37fa9/l4v5mKY8pea1kdc0j46Toksd1hDimJbFBKZf/hHTKp\nfObLhSUnz79Ugbpl8ZBcm9LjDvRKf5mj8WBkcq2JJWczboRK7FLHoarejiB5fSna\ntP3BFvpikpuxzp+77j5rO480pt+3Idon7X/Li2Wvr68zhKUU9hXJoFCpGoNmG8my\n9qM7+b4ad6A7/WUzjAGmza7eG+OR1fAYBXktdw9LiKTrnM1LKh0kJl1GApjcw9R3\nJk43SA51+lK2DDBNi0029A==</ds:SignatureValue>ds:KeyInfods:X509Datads:X509CertificateMIIDGTCCAgGgAwIBAgIUYzH/0OUykB/JguRApoCqInE+Gn4wDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRaWRwLmxvY2FsaG9zdC5jb20wHhcNMjQwMTI4MDYyMzIwWhcNMzQwMTI1MDYyMzIwWjAcMRowGAYDVQQDDBFpZHAubG9jYWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK28lypcIAayHhNYkMBHbQNHx3PkkUkFsLMBKoDYL/aq4pIJQ5IY2EidERaFbZDeKXoDY9aXiMmTcsh8Ea32sb4bHTrNxo+w66vCvSWDiGgradj6ZCxjXwR8lOImbNMBoNXKbdwA7X1vRCldtpqGo44NSPLqw3lRacywBbeNc28jFJXe4N0qyVDVrCTDHFulFHfaca6MjiUz+693uVcmoFfpe/YLKZ815NOA5KOBJNyl8OD4Bzkpu05xDnyrNE1IvPXBcwhL5iGVcGhRJJAoTOuAvHLNMploLqsd9uvrRshDZYJsMtlPBBl1HAWeG/nrHQccHNjiAcGO2fEGFGrAyOkCAwEAAaNTMFEwHQYDVR0OBBYEFGoG0/p7ULlBns5eULlsHbTPMRCoMB8GA1UdIwQYMBaAFGoG0/p7ULlBns5eULlsHbTPMRCoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADncox1Jxcyd/bKjBgvsIaSGEn1gNpFpOgy2nys0NAZ77bYoaIuTj0TW+MeIuXU2OS1HZt6jom3OnQLvs5kgfsCuVpFjatSOP/2tuoIM0BNQAPETBxCOkXVH+6HVmIzrypV/P9qrSCtWx2W0olP6B4+Q+Sd4dyiJM4v83jI9W1TjaQTqMunFUIm6uGQ7sUPzMsru7XIIdxYpKekHWxZVznVqHpKZixf1Pn32vuP0KLKhFFywJuXl9SEYJBa/NE4PnitsHgrtgqQaVZ4A6LdeUVtP5HhUJOuD9MAsINBYPQgjr4l4JiXYjxmQWOys2BrC1Du6zr3vxVb+GOw6Fh9UJkE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>samlp:Status<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>saml:EncryptedAssertion<encas2:Assertion xmlns:encas0="http://www.w3.org/2000/09/xmldsig#" xmlns:encas1="http://www.w3.org/2001/XMLSchema-instance" xmlns:encas2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="id-H1nZNj7ytWjTCBhHD" IssueInstant="2024-01-31T12:38:23Z"><encas2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:9000/idp/metadata/</encas2:Issuer><encas0:Signature Id="Signature1">encas0:SignedInfo<encas0:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><encas0:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><encas0:Reference URI="#id-H1nZNj7ytWjTCBhHD">encas0:Transforms<encas0:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><encas0:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></encas0:Transforms><encas0:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>encas0:DigestValueQBKQa8E1qWDyr7AeWxap7U1mbeAIaGXLprKrOgxAkZg=</encas0:DigestValue></encas0:Reference></encas0:SignedInfo>encas0:SignatureValueVFGtuJy+UcNmACokCyMFgIps1XVSc/SHFjadIG5z+uaY5rnR0h1dc/uF0QlkxALL\nIvoWDv9PgTXsnIkty6qSiv5h+pMvLStyst3M33UcH3ShYUK6L3QspEVuxNi/SJFe\nHAaovvo0Jtg80mSOJwATDVUPF5Kcc2Qf63CTBK/wgbGGzBnoerpq6dEw3pdB7bXw\nmH7XTogMPGdg6zzOYcQvtqeFA1Oh8pGPuGRiFJ8DIkLo75UPtgvVPOotaIcSQsXt\nbt3CJA3e048we3eAQcCC4hY8f3eZ4TPKVKnML16hHfdmGQNpt9s1aw6bPJwt6yip\nhAszB1iTw5OqiOXnoKU5yQ==</encas0:SignatureValue>encas0:KeyInfoencas0:X509Dataencas0:X509CertificateMIIDGTCCAgGgAwIBAgIUYzH/0OUykB/JguRApoCqInE+Gn4wDQYJKoZIhvcNAQEFBQAwHDEaMBgGA1UEAwwRaWRwLmxvY2FsaG9zdC5jb20wHhcNMjQwMTI4MDYyMzIwWhcNMzQwMTI1MDYyMzIwWjAcMRowGAYDVQQDDBFpZHAubG9jYWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK28lypcIAayHhNYkMBHbQNHx3PkkUkFsLMBKoDYL/aq4pIJQ5IY2EidERaFbZDeKXoDY9aXiMmTcsh8Ea32sb4bHTrNxo+w66vCvSWDiGgradj6ZCxjXwR8lOImbNMBoNXKbdwA7X1vRCldtpqGo44NSPLqw3lRacywBbeNc28jFJXe4N0qyVDVrCTDHFulFHfaca6MjiUz+693uVcmoFfpe/YLKZ815NOA5KOBJNyl8OD4Bzkpu05xDnyrNE1IvPXBcwhL5iGVcGhRJJAoTOuAvHLNMploLqsd9uvrRshDZYJsMtlPBBl1HAWeG/nrHQccHNjiAcGO2fEGFGrAyOkCAwEAAaNTMFEwHQYDVR0OBBYEFGoG0/p7ULlBns5eULlsHbTPMRCoMB8GA1UdIwQYMBaAFGoG0/p7ULlBns5eULlsHbTPMRCoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADncox1Jxcyd/bKjBgvsIaSGEn1gNpFpOgy2nys0NAZ77bYoaIuTj0TW+MeIuXU2OS1HZt6jom3OnQLvs5kgfsCuVpFjatSOP/2tuoIM0BNQAPETBxCOkXVH+6HVmIzrypV/P9qrSCtWx2W0olP6B4+Q+Sd4dyiJM4v83jI9W1TjaQTqMunFUIm6uGQ7sUPzMsru7XIIdxYpKekHWxZVznVqHpKZixf1Pn32vuP0KLKhFFywJuXl9SEYJBa/NE4PnitsHgrtgqQaVZ4A6LdeUVtP5HhUJOuD9MAsINBYPQgjr4l4JiXYjxmQWOys2BrC1Du6zr3vxVb+GOw6Fh9UJkE=</encas0:X509Certificate></encas0:X509Data></encas0:KeyInfo></encas0:Signature>encas2:Subject<encas2:NameID SPNameQualifier="http://localhost:8000/saml2/metadata/" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">Ayush</encas2:NameID><encas2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><encas2:SubjectConfirmationData NotOnOrAfter="2024-01-31T13:38:23Z" Recipient="http://localhost:8000/saml2/acs/" InResponseTo="id-hPStOvJXXfEYmZvv7"/></encas2:SubjectConfirmation></encas2:Subject><encas2:Conditions NotBefore="2024-01-31T12:38:23Z" NotOnOrAfter="2024-01-31T13:38:23Z">encas2:AudienceRestrictionencas2:Audiencehttp://localhost:8000/saml2/metadata/</encas2:Audience></encas2:AudienceRestriction></encas2:Conditions><encas2:AuthnStatement AuthnInstant="2024-01-31T12:38:23Z" SessionIndex="id-iIjj2wnFQ2DE91srN">encas2:AuthnContextencas2:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:Password</encas2:AuthnContextClassRef></encas2:AuthnContext></encas2:AuthnStatement>encas2:AttributeStatement<encas2:Attribute Name="urn:oid:1.2.840.113549.1.9.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="email"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string">[email protected]</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string"/></encas2:Attribute><encas2:Attribute Name="last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:string"/></encas2:Attribute><encas2:Attribute Name="is_staff" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:boolean">true</encas2:AttributeValue></encas2:Attribute><encas2:Attribute Name="is_superuser" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><encas2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" encas1:type="xs:boolean">true</encas2:AttributeValue></encas2:Attribute></encas2:AttributeStatement></encas2:Assertion></saml:EncryptedAssertion></samlp:Response>\n'} Forbidden: /saml2/acs/

AyushTripathi-sketch avatar Jan 31 '24 12:01 AyushTripathi-sketch