go-saml icon indicating copy to clipboard operation
go-saml copied to clipboard
verified publisher icon RobotsAndPencils

Unable to generate correct SAML Response

Open rahul-satal opened this issue 5 years ago • 0 comments

In our project, we have to enable SSO in which the service provider will be Salesforce and Identity Provider will be the Golang code. Golang code will first verify the user then it will generate a SAML response to allow a user to login to Salesforce. I am new to Golang and following Creating a SAML Response (if acting as an IdP) of this library. So, far I am able to create a SAML response using it but facing some challenges in customizing it as per requirement.

  1. The first challenge I was facing is to add AudienceRestriction in the Conditions block as below:-

<saml:Conditions NotBefore="2020-03-15T16:33:16.23103491Z" NotOnOrAfter="2020-03-15T16:43:16.23104017Z"> saml:AudienceRestriction saml:Audiencehttps://saml.salesforce.com</saml:Audience> </saml:AudienceRestriction> </saml:Conditions>

I have tried to add it like below in the code, but it seems Conditions is not defined in authnResponse object.

authnResponse := saml.NewSignedResponse() authnResponse.Conditions.AudienceRestrictions = "https://saml.salesforce.com"

I don't find any way to add the above block in the Conditions block which is mandatory for Salesforce. Please suggest me some way to do so.

  1. Even after manually adding the above block in the SAML response, I am getting the below error while validating the SAML response using the Salesforce SAML validator

Validating the Signature... Is the response signed? true Is the assertion signed? false The reference in the response signature is valid Is the correct certificate supplied in the keyinfo? true Signature or certificate problems The signature in the response is not valid

I have no idea why I am getting Signature Invalid error. Please let me know if you have any suggestions for me.

  1. I also have to add AuthnStatement below the Conditions block as below:-

<saml:AuthnStatement AuthnInstant="2020-03-01T11:28:31.396Z"> saml:AuthnContext saml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement>

In case you want to check my Golang code - https://play.golang.org/p/U9dXZblTHG1

rahul-satal avatar Mar 25 '20 18:03 rahul-satal