djangosaml2idp

Bug: Not able to run example setup

Open mksowmya opened this issue 4 years ago • 2 comments

I am struggling to run the example setup. I am getting an error while authenticating via idp.

Error: saml2.response.IncorrectlySigned

Here is the traceback:

```
[18/Jun/2020 13:41:26] "GET /login/?next=/idp/login/process/ HTTP/1.1" 200 965
SSO requested to IDP with binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
--- SAML request [
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" ID="id-TJfxWL3KnCY1jnvb1" Version="2.0" IssueInstant="2020-06-18T13:41:31Z" Destination="http://localhost:9000/idp/sso/post/" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://localhost:8000/saml2/acs/">
  <ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8000/saml2/metadata/</ns1:Issuer>
  <ns2:Signature Id="Signature1">
    <ns2:SignedInfo>
      <ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ns2:Reference URI="#id-TJfxWL3KnCY1jnvb1">
        <ns2:Transforms>
          <ns2:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ns2:Transforms>
        <ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ns2:DigestValue>qO5aq+5OQ4TSO6MJEYqR0mhWLXk=</ns2:DigestValue>
      </ns2:Reference>
    </ns2:SignedInfo>
    <ns2:SignatureValue>EaeXe9FiFF/A+3fpWG+RsLEM/qMns9CXmVxE2Icjhbn6bII7M8E1bpoQbYtqjLuY
Ps6NOuUo1O/d1N4iQujn1fYQOCcBQgcoOlRndsHAbm/JDIKXvkV8rmI/+HR9Dezx
PQZ8pznF4qW8HcZ0rpsff3/Gz3dBvmQo6e/awl1clNxz1qmyN5/9TO/vF+0WI2RK
QLPBcDTkBpP9NM9Z3P1i+JGHwyOKhOjSK7glTguiIcz9PCbM8rwNiqm0qLF++T/N
NR+rXgwce+MZ6vJh4IQu2bJtqbWKdtSC5g1ftTuV8e3Heb4kngDHRg6YxOOM0J1Y
seod7jbza2umY3Gkt55N1g==</ns2:SignatureValue>
    <ns2:KeyInfo>
      <ns2:X509Data>
        <ns2:X509Certificate>[certificate data omitted]</ns2:X509Certificate>
      </ns2:X509Data>
    </ns2:KeyInfo>
  </ns2:Signature>
  <ns0:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="false"/>
</ns0:AuthnRequest>
] ---
[18/Jun/2020 13:41:31] "POST /idp/sso/post/ HTTP/1.1" 302 0
[18/Jun/2020 13:41:31] "GET /idp/login/process/ HTTP/1.1" 302 0
[18/Jun/2020 13:41:31] "GET /login/?next=/idp/login/process/ HTTP/1.1" 200 965
[18/Jun/2020 13:41:37] "POST /login/ HTTP/1.1" 302 0
Response was not correctly signed {}
Traceback (most recent call last):
  File "/home/sowmya/TestProjects/djangosaml2idp/example_setup/idp/djangosaml2idp/views.py", line 236, in get
    req_info = idp_server.parse_authn_request(request.session['SAMLRequest'], binding)
  File "/home/sowmya/.virtualenvs/idp/lib/python3.8/site-packages/saml2/server.py", line 230, in parse_authn_request
    return self._parse_request(enc_request, AuthnRequest,
  File "/home/sowmya/.virtualenvs/idp/lib/python3.8/site-packages/saml2/entity.py", line 846, in _parse_request
    _request = _request.loads(xmlstr, binding, origdoc=enc_request,
  File "/home/sowmya/.virtualenvs/idp/lib/python3.8/site-packages/saml2/request.py", line 95, in loads
    return self._loads(xmldata, binding, origdoc, must,
  File "/home/sowmya/.virtualenvs/idp/lib/python3.8/site-packages/saml2/request.py", line 59, in _loads
    raise IncorrectlySigned()
saml2.response.IncorrectlySigned
Internal Server Error: /idp/login/process/
[18/Jun/2020 13:41:37] "GET /idp/login/process/ HTTP/1.1" 500 326
```

On debugging, I found the saml.mdstore.Metadata object is not getting entity_id

```python
def certs(self, entity_id, descriptor, use="signing"):
    ''' Returns certificates for the given Entity '''
    ent = self[entity_id]
```

Failing at this part

I do not know where I am erring. I have not touched any of the code and am running it as is.

Python 3.8.5
Django 3.0.7

Can anybody push me towards the right direction?

mksowmya Jun 18 '20 13:06

Hi! I have the same problem. After the update, metadata is loaded dynamically. A simple solution is:

  1. go to http://localhost:9000/admin, auth
  2. add service provider (press the ADD SERVICE PROVIDER button on the left)
  3. create sp with params: Entity ID: http://localhost:8000/saml2/metadata/, Local Metadata XML: get xml from http://localhost:8000/saml2/metadata/, and other required fields.
  4. profit

A good solution is to add that sp metadata into a migration) Regards

StuBz211 Jul 04 '20 11:07
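Added example (not part of the thread, and not code from djangosaml2idp or pysaml2): a stdlib-only pre-check for the situation discussed above, where the IdP has no metadata entry for the request's Issuer and therefore no certificate to verify the signature with. It assumes the lookup is an exact string match on `entityID`; the function names and sample XML are constructed for illustration, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def request_issuer(authn_request_xml):
    """Entity ID the IdP uses to look up the sender's signing certificate."""
    issuer = ET.fromstring(authn_request_xml).find("saml:Issuer", NS)
    return issuer.text.strip() if issuer is not None and issuer.text else None

def signing_certs(metadata_xml, entity_id):
    """Return (entity_found, certs) for entity_id in one metadata document."""
    root = ET.fromstring(metadata_xml)
    single = root.tag.endswith("}EntityDescriptor")  # else an EntitiesDescriptor wrapper
    entities = [root] if single else root.findall("md:EntityDescriptor", NS)
    found, certs = False, []
    for ent in entities:
        if ent.get("entityID") != entity_id:  # exact match, trailing slash included
            continue
        found = True
        for kd in ent.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use") in (None, "signing"):  # no "use" covers both purposes
                certs += [c.text.strip() for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    return found, certs

def diagnose(authn_request_xml, registered_metadata):
    """Say whether the IdP has a certificate to check this request's signature with."""
    issuer = request_issuer(authn_request_xml)
    if issuer is None:
        return "request has no Issuer"
    results = [signing_certs(doc, issuer) for doc in registered_metadata]
    if any(certs for _, certs in results):
        return "ok: signing certificate available"
    if any(found for found, _ in results):
        return "SP registered but has no signing certificate"
    return "SP not registered: " + issuer

# Constructed sample data (not the request or metadata from the issue).
REQUEST = (f'<p:AuthnRequest xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="{NS["saml"]}" ID="id-1" '
           'Version="2.0"><a:Issuer>http://localhost:8000/saml2/metadata/</a:Issuer></p:AuthnRequest>')
def sp_metadata(entity_id, use="signing"):
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="{entity_id}">'
            f'<md:SPSSODescriptor><md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            '<ds:X509Certificate>CONSTRUCTED</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
            '</md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    print(diagnose(REQUEST, [sp_metadata("http://localhost:8000/saml2/metadata")]))
```

The demo call registers the SP without the trailing slash, so it reports the SP as not registered even though metadata for it exists.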

@mksowmya Did you sort this out? Although this is quite a generic issue. I think I ran into this because I changed the service provider often and the app did not pick up any changes I made; a restart did not help either. Deleting the service provider and re-adding it did help.

sajoku Oct 06 '20 13:10