
SAML Response Invalid Signature for encrypt assertions

Open · schhor opened this issue 6 months ago · 1 comment

Hi,

First of all, thanks for this great library.

I am currently struggling with an invalid signature for an encrypted response.

When I checked my SAML response with https://samltool.io , it tells me that my SAML Response has an invalid signature,

with the detail: XMLJS0013: Cryptographic error: Invalid digest for uri '#_689d5b6c-1446-4881-bde7-b0ec46a774e3'. Calculated digest is 17J9tmWqn+PbOq3QUgmjvXXb8qcYzuvheHRJXEC9zPk= but the xml to validate supplies digest 9uN9DwJO33lv2yLizM6a9jjessfP9OeVMDqcM7SxJ0k=

I'm trying to send an encrypted SAML response with an assertion inside it.

Without encryption, the signatures are valid:

SAML Response => Valid Signature
SAML Assertion => Valid Signature

Am I missing something?

Here are the relevant details:

lib version 2.10

SP

```js
const sp = serviceProvider({
    metadata: fs.readFileSync(path.resolve(spMetadataPath)),
    wantMessageSigned: true,
    // transformationAlgorithms: ['http://www.w3.org/2000/09/xmldsig#enveloped-signature', 'http://www.w3.org/2001/10/xml-exc-c14n#']
    // It doesn't work even with the transformationAlgorithms mentioned in this issue: https://github.com/tngan/samlify/issues/478
});
```

IDP

```js
const idp = identityProvider({
    metadata: fs.readFileSync(path.resolve(idpMetadataPath)),
    privateKey: privateKey,
    isAssertionEncrypted: true,
    dataEncryptionAlgorithm: 'http://www.w3.org/2009/xmlenc11#aes128-gcm',
    keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
    loginResponseTemplate: {
        context: contexteTemplate,
        attributes: attributes
    },
});
```

Assertion Creation

```js
idp.createLoginResponse(
    sp,
    null,
    saml.Constants.wording.binding.post,
    user,
    this.#createTemplateCallback(idp, sp, attributesTemplateValue, nameId));
```

schhor avatar Jun 03 '25 13:06 schhor

Most likely, when you copy your SAML response to the website, it changes whitespace and other control characters.

Does it work in v2.9?

ahacker1-securesaml avatar Aug 15 '25 20:08 ahacker1-securesaml