"Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd" - PullRequest
0 votes
/ April 16, 2019

I am using the python3-saml Flask demo (https://github.com/onelogin/python3-saml) to integrate with OneLogin SSO.

I run into this error ('Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd') when setting strict to true. However, when I check the SAML through https://www.samltool.com/validate_xml.php, it validates successfully. Can someone tell me what the problem is?

Here is my SAML response:

<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="pfx394c888b-5380-cb92-b829-XXXXXXXX"
Version="2.0"
IssueInstant="2019-04-16T18:53:07Z"
Destination="{recipient}"
>
<saml:Issuer>https://app.onelogin.com/saml/metadata/be423360-30f8-4d11-9ba4-XXXXXXXX</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#pfx394c888b-5380-cb92-b829-74a21171fdc6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>f0zFz0iK5B9DaeiNyG3aCPa3ma0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>hZeSwGxuIF+hIrVUR9GC6o4YDmfTrzTx7T7dbHKF1UrxsL9LEHJ8mslm+DYbPPusQtQLiHs4s4nYxEvNnOC75hvo4diHuW4QagsEeJRD6PphgEg73uIuQeDXPHpfDaP+k3oLlMdwVk1QXG6p67LdvzGBSBiAHXDKqHVihYBJ8zQIV6nQaNlo6uNiUVHZVWS8FysVGjrWOev+wzCQRJo5/mGwogN8HW/MQd5fWtKqoW9MJQO91hcnonzqxC1U3w2f+2DY9GIsSwK7Zlx6GNdSLrQZ1wy63q9GBHpRgU2DtF/3GSV9uMVu0CgC4m2iw5XWkvP8W01tWYUa1arpxdQ4zg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
ds: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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="2.0"
ID="A06ffdd885d1e4cbfe67f2c9e75667b48xxxxxxxx"
IssueInstant="2019-04-16T18:53:07Z"
>
<saml:Issuer>https://app.onelogin.com/saml/metadata/be423360-30f8-4d11-9ba4-XXXXXXXX</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@aaa.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2019-04-16T18:56:07Z"
Recipient="{recipient}"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-04-16T18:50:07Z"
NotOnOrAfter="2019-04-16T18:56:07Z"
>
<saml:AudienceRestriction>
<saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2019-04-16T18:53:06Z"
SessionNotOnOrAfter="2019-04-17T18:53:07Z"
SessionIndex="_cc2984e0-42a6-0137-94a7-0713d1d45bc8"
>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Name="group"
>
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>name=GroupA;name=GroupB</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>