SAML response signature is not validated

prashantjcha · March 29, 2017, 4:30pm

I am using the SAML 2.0 v2 for .net core. I have been trying to figure out why my sso is not working with the SP. We have an Idp initiated setup and everything looks to be good but the sp is returning message saying that unable to validate signature. The sp is configured with simplesamlphp. Following is the saml response for a successful SSO and the one that received error saying that unable to validate signature. The logs are from the SP side. I think it is the encryption and digest algorithm methods that are mismatch. How can i change those methods.

Successful SSO response:

[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Received message:
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <samlp:Response xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol” ID=“_B2E725C21C80FA738D204695BA7E1AF2” Version=“2.0” IssueInstant=“2017-03-28T21:48:51.926Z” Destination=“https://sp url/dev3/auth/saml/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://our server url</saml:Issuer>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <Signature xmlns=“http://www.w3.org/2000/09/xmldsig#”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <CanonicalizationMethod Algorithm=“http://www.w3.org/2001/10/xml-exc-c14n#”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <SignatureMethod Algorithm=“http://www.w3.org/2000/09/xmldsig#rsa-sha1”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <Transform Algorithm=“http://www.w3.org/2000/09/xmldsig#enveloped-signature”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <Transform Algorithm=“http://www.w3.org/2001/10/xml-exc-c14n#”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <InclusiveNamespaces xmlns=“http://www.w3.org/2001/10/xml-exc-c14n#” PrefixList=“#default saml ds xs xsi”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <DigestMethod Algorithm=“http://www.w3.org/2000/09/xmldsig#sha1”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] bTAjsuai8Pv0vcQZ0qDEuBMwOAI=
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] fMb82hDpVBCroBVUi2yTwE6dC0MkdqieS9hzMQzEyEOPKINND4R2lLNKMqW4jK+AfdlH7dYGXRbVsl6Fv700j4UGVybDrVuKgJ9brbNM0Z/lzNIKQ7fcSbsYqQKCNPAnahOeAW5o1JMafVgK+xsLr381meUj4dEJwXK8MZmbIjQ=
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] MIIB/DCCAWWgAwIBAgIQ39LYOFEy9K1A+f1T4C/ELzANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtYWVogQ29tcGFueTAeFw0wNDEyMzExNzAwMDBaFw0wOTEyMzExNzAwMDBaMBYxFDASBgNVBAMTC1hZWiBDb21wYW55MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3E55S/VquStRieuJ39TM6HkKh47pC+x3XklZ+gmIPHk2XRbUuOCnJunxnesChjDJ2H0tP1usHoPU2jJbfNffEJRrVw8zDavvVqiye4hHGaSL3i7BDOChzKeQY/8yifIMFUIK7DOKwfQDUbJf662gac6u0AmNv/CNdIpECWUHokQIDAQABo0swSTBHBgNVHQEEQDA+gBDHk2UyyDjvEL4gr3OaFlNBoRgwFjEUMBIGA1UEAxMLWFlaIENvbXBhbnmCEN/S2DhRMvStQPn9U+AvxC8wDQYJKoZIhvcNAQEEBQADgYEAIqaguk7RrjeJJtq44DSFatuGtYxASy/MXtdbHhuiYIRNNBgBPB3NWYHVBrZnftBmbHz1Ur61x7ZWYPqezvKhyKZNgHHkbL0O35MHEYNNJhDLdw0QVn4QkZL5MhLHU+8zcaMWTERlQN3rQTAg4paz5oSVDMQyPbUAC/xsquUP44E=
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] samlp:Status
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </samlp:Status>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:EncryptedAssertion xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <EncryptedData xmlns=“http://www.w3.org/2001/04/xmlenc#” Type=“http://www.w3.org/2001/04/xmlenc#Element”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <EncryptionMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#aes128-cbc”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <KeyInfo xmlns=“http://www.w3.org/2000/09/xmldsig#”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <EncryptedKey xmlns=“http://www.w3.org/2001/04/xmlenc#”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <EncryptionMethod Algorithm=“http://www.w3.org/2001/04/xmlenc#rsa-1_5”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <KeyInfo xmlns=“http://www.w3.org/2000/09/xmldsig#”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] MIIC6jCCAlOgAwIBAgIJAMnZ6sNaZilOMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9udG8xDTALBgNVBAoMBFJFQ08xCzAJBgNVBAsMAklTMSIwIAYDVQQDDBluZXdwdWJsaWMtdGVtcC5yZWNvLm9uLmNhMR8wHQYJKoZIhvcNAQkBFhBwcmFzaEByZWNvLm9uLmNhMB4XDTEzMDUyNzE1NTUyN1oXDTIzMDUyNzE1NTUyN1owgY0xCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzENMAsGA1UECgwEUkVDTzELMAkGA1UECwwCSVMxIjAgBgNVBAMMGW5ld3B1YmxpYy10ZW1wLnJlY28ub24uY2ExHzAdBgkqhkiG9w0BCQEWEHByYXNoQHJlY28ub24uY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK6IdLgj7OlNzfzNb4scx4/42vpF5Ru6cuvttraxJTHAYdA3bMWTdjBxKVjKpSn7FGwyS6CmNWuVtWsICRVaPde8K438TxFkO7ov7i/95wXPuWLp4SwKn0RKN1Tw6jO520iy9cNhWyXldAUsADOvyPLNIp5W7UrnjBXmSIY3xgV7AgMBAAGjUDBOMB0GA1UdDgQWBBRnd2kQsBWCDdpI9nkNju7Ut0utkzAfBgNVHSMEGDAWgBRnd2kQsBWCDdpI9nkNju7Ut0utkzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEAOUMtno9Mt/UB5iDDjI3FWKAJIXDlggWKeTeeXPDrTLEy0RpVZH+4LH59mthvb9PWU3pCWTtr+vnXGoS196RN/0bMRjx3fF90zRNij/Oo9WvmqNopjKuE3GdKic2XqpIztk9XFBdyU2rHZaCMuIvx202PyiI24H8Rru7ef1djK
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] dBu2SMr7gkdprDPov8qGuF7tApX3A9O/rUr7A/VgaSFX4Hp0StN9ah89ZWlqcTKw5LtBgB0Y/ueF7936RSRkLXyOpyFBLoTpGd5a66eWM9IGLxC8RnJ6g1yrvj90niDVyvGDAWyepdy2qu3j68IyDSJgcIFDJoCTQeUlhbqP07c=
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] 6sNplEuGzBkXwPLtp75OHw2Yl/GswKV90FAovlQSl+Zn3qRNvfd4FDb3C4xVN7XhcVRpcnFJHpHVNc+BLiI5ZEYRnzGvvOMxxLla400vzYkVYiUFPXO016AyITlZOxVWwUFVH8K7gqCtsaPBeyEXdXGtl1E4URFIx8CHNj1n8t/36t+vA8BXFBxNzj/HFDeuOmcWI7fJzeT2IQ2nWUNKLVmKsrzQAlFQn9OzlfHfOLQoE0vlmSHC2m+wvR5Y0RV8ntoL+jP+fzL0D0L9tos9iG0hXN2ik0OxJdMlHrYHSP1kdkOU5dIp++iA+6SU7YeRW3vZkmxTOErhSo993fLk8spd8SmEWVeLSmPnRIzGoihuwhQ4O34YL6L8ulXBXJ9jBEpD1EA21w7HYkj5PHpUKgo6NxFhA92FxSUalsvy+IE5YSDn/UafCeUrWaCF4tn7nTtYuS/bJEOBIy//Lxd+udv3mUeCSvpUowDTmYqzjKvz2THCY1PNmm8PME9awGn+XSn1MhcTkZ5bIDuqTvNS8SiYiYzaFHWEWiq827Sm7J590IFf64MxmLmkiO/fBPUJ8/bAqoz+Y7CVQtX2LOLdIu5TJb7VSWkc2WPgvqKTHlTsiGaUlR2sYA+/M8PLkmUHK15s5IsjO8gVc6SC4Tc0F4oYiqCuQUfZTFDBEJxaMSS0FYg5Ne0ktBh0n/goMNKn9UwTZVkg3DdLVGbjb9UjmUommA1y3+qTGLvIMBvZLeCXc5G2MgC6bDBLY90wplNW8K1tIsz0yCPyZrdMDvYu20zm8voRienKz+W/2VjP/6g6vvEa06e5O7n1HNjav5GPJ7WHzuZN+EhIbuv4lFXiBeksa5FZixhq2hBKSBKYUOEcYAXrV+zmRITAyXPef8vXG30V/CBUaQNh/T3QGZSsp7b7qakDDvh4kITiRD1XjZRPZQNX3GIUAvbf0nm81VhW/QpshXnxnbgGJCbNMby6EZJr2Y/Xhksz+OFpNFH5T5351Zh/AluDY575xzjv3f4AcZ5v1NQsHLWrFfLfUlSxFZdrh/c5FoneCreRP8wVFHWmHrQshP2bRZ6SjK8HrfpKl/4yK6wcPobZWEUnk5JeTLYE/OoJWu90fIeQrOZn6zNNsx8e9AaroCPDE7xKG/CoZfrPFjw6ThPSB99YUfEche4F3RQi/yGjxjg6IrZP7rJdZZxNCpoCrXAts7W40yoHMzwfgSIb8pSZKtoBgkJwqfHpPjJ+22wccfBJetv1lqSG/9m6gMx9aqXqnNhjYbSb2BmVhJhM/spGaxW4b50VhjjrAz/eUVuuCkKyLdmvxY+i60Hn9QAXleFGbLPXeQasx5IoxKFS9CJDAQxPtmvFPT33z+u/le+IbOHfT5LGHDEx9Jm+/qMpUvU0woHxSHEsnexDkUiCQ3e0JhU2m85HwrcaiUQwhlB150h22UvspYUJ9OI2PUoNJkGcStUtAk72bpgCyimfsHw+1Xf/ozRv9TugJCQ6H0kUiv8PshK9ZYC9k3wiDciCaEN7D/2aXtZVY2dwE/B2jM6JG3r8JgZ+c6VdwiJb8xeMMmiYW/IfyL1g29K+utuE+ZWaxhnwq2FdKI9m+Thx7ONy/XbY7vEdOTCLS6N/cfF9b4MKcBCyddAXCg79eO836gbKMaQZpdwgDKxm8YXz642dyc/f95e31ATDu7ZIE0poOT4ePdc7+o8Y9FslIoXoy0BoH8z3PIOU284AXSVtzdq4vMx+2RWZlFR/973yLpI/aTI/DSpBczKzBMeYuWOdAu1ssXtgMSbS5ogqRidcN93WQIyy6OMlaGBKt8mlSkhdFHHpNpW/RJBBl1V0vfMyWYCYhrH6x+V6PzPvNP8CFz8+z3xiZZLwwBrKdnq9miUgji64FR5I+Ngzogra98upIIYvqKmhhNoBTOv68za++jCJk5YTcrQyLsUjEh9rVnhrk0p7aqoczKZhzRpsehk3JTGCUdi8fa4PlaGIcULAhMghvInMjHgocE6mplO5BMvELuhplS2Bfzmwb1cxMTZSTwipS8TEDJamGIcWDmSyII1cMiUl+AlUl8+V7YDEnsSvDSu8QdhiCAUPKEEe13woVPVNtyeTKSknnyC1vx07TJ3vyod2qRUiv2VJceuUAwrG6tPZ2ggmLpcBaCuIdNlP49ZUgkgJWVp3h3rVJ1I6AalIImKIvuDrk8aEcbwIkQqXtEeqd2pYX3LGS3xTOhtc+09T7XXkNrFCruYeC69ZDGrcafNqDOHuZayvivHilusocF+NN2DA5HgvbVU2yAl3x59r7tk7Ar8dxlDh9R46kMwRVZifpz5cttkDaoayAe/FdMk9Wwt4yVeHJHLFcth2fNjJW93tqKuTO8McTg341wkl0JhRekx1au6rNa+mVfgbMDzYBSMq3Y8UVVcs5pIOVBP+97w8GDQIwncNm72lvkATsbW4NzStzzc9/WycEF1k/OVbSLShzvuwU7ye8S10BjTPAE5Y29g1PEgkClRdatvwUvSDCQrg3Enb0cDH6/oX3cfqHj1vqxeZ2ysQEzPhvrH0wGxtBgVoAJW4ahU/DFwAYZ8F4Z6tI7a7Wi28yoACGIOsJnlvGVjrFPAgCQvaqpB221lvNDnSfpL0xL2aHOZR+FVQfNqJSQt9ISyDB0u0tZugNDB6fqxjmZazRMDWsrMy98ZqLC/5dXy5HinrXGJMUaxX7HYsfVUKOw472FJMte1kop7pBuo5vH1Nv+rqseSwAtHYJDO/EH8Ot0Z6BcYRjr+OJchNrk8b5YBM/eHDnxUcg28a6shyF6gR+lQGsvAEBcY3qmmSQpOtP9J1mBGrkCwOfDbaOyWlCq5hTz6Ayv4h5UABKULXykwcykYD/csTSCAOaXje
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9]
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:EncryptedAssertion>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </samlp:Response>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Received SAML2 Response from ‘our url’.
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Found 1 certificates in SAML2_Response
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Has 1 candidate keys for validation.
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Validation with key #0 succeeded.
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Decrypted message:
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Assertion xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion” Version=“2.0” ID=“_D61A8FEEA2E00DA46FDB73B3A88875EE” IssueInstant=“2017-03-28T21:48:51.926Z”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:Issuer our server url</saml:Issuer>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:Subject
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:NameIDOUR SSO</saml:NameID>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:SubjectConfirmationData NotOnOrAfter=“2017-03-28T22:48:51.926Z” Recipient=“https://SP URL/dev3/auth/saml/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:SubjectConfirmation>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Subject>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Conditions NotBefore=“2017-03-28T17:48:51.926Z” NotOnOrAfter=“2017-03-28T22:48:51.926Z”/>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:AuthnStatement AuthnInstant=“2017-03-28T21:48:51.926Z”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AuthnContext
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:AuthnContext>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:AuthnStatement>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeStatement
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“RegistrationID” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValuevalue of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“Email” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue value of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“FirstName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue value of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“LastName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue value of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“City” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue value of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“value of field” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue value of field</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] <saml:Attribute Name=“value of field” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] saml:AttributeValue5/15/2017 12:00:00 AM</saml:AttributeValue>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Attribute>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:AttributeStatement>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] </saml:Assertion>
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] Decryption with key #0 succeeded.
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - DEBUG: [bb33f729a9] No certificate in message when validating against fingerprint.
[28-Mar-2017 17:48:49 America/New_York] simplesamlphp - ERR: [bb33f729a9] SimpleSAML_Error_Assertion: Assertion failed: ‘is_string($sessionIndex)’

Failed Response

[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Received message:
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <samlp:Response xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol” ID=“_03e68b47-e577-4695-8fbb-6a6ad319b5b3” Version=“2.0” IssueInstant=“2017-03-29T23:09:08Z” Destination=“https://SP url/dev3/auth/saml/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp”>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>https://our server url</saml:Issuer>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <Signature xmlns=“”>http://www.w3.org/2000/09/xmldsig#“>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <CanonicalizationMethod Algorithm=”“>http://www.w3.org/2001/10/xml-exc-c14n#”/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <SignatureMethod Algorithm=“”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <Transform Algorithm=“”>http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <Transform Algorithm=“”>http://www.w3.org/2001/10/xml-exc-c14n#“>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <InclusiveNamespaces xmlns=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” PrefixList=“#default samlp saml ds xs xsi”/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <DigestMethod Algorithm=“”>http://www.w3.org/2001/04/xmlenc#sha256"/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] 01xclUAOfgBzaqzkg43jNPorumxwnGUGT7TncIQdqSE=
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] L5neDux+vEGu+K8kyw/19iY6UlpkvoSD4CMvRh1q7ibEuaTtYjRVuVDT+fgH6ruE3EP/Bb/zYmTjl4PNReOu+7r5gL/6bZiXd+MwdZO+bJiV01/vNjXrLabwV59vVSOqQNVA5ee+2hPdg/P3c1ksyM16j2q6+hkxJdZdSQMxf/c=
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] MIIB/DCCAWWgAwIBAgIQ39LYOFEy9K1A+f1T4C/ELzANBgkqhkiG9w0BAQQFADAWMRQwEgYDVQQDEwtYWVogQ29tcGFueTAeFw0wNDEyMzExNzAwMDBaFw0wOTEyMzExNzAwMDBaMBYxFDASBgNVBAMTC1hZWiBDb21wYW55MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3E55S/VquStRieuJ39TM6HkKh47pC+x3XklZ+gmIPHk2XRbUuOCnJunxnesChjDJ2H0tP1usHoPU2jJbfNffEJRrVw8zDavvVqiye4hHGaSL3i7BDOChzKeQY/8yifIMFUIK7DOKwfQDUbJf662gac6u0AmNv/CNdIpECWUHokQIDAQABo0swSTBHBgNVHQEEQDA+gBDHk2UyyDjvEL4gr3OaFlNBoRgwFjEUMBIGA1UEAxMLWFlaIENvbXBhbnmCEN/S2DhRMvStQPn9U+AvxC8wDQYJKoZIhvcNAQEEBQADgYEAIqaguk7RrjeJJtq44DSFatuGtYxASy/MXtdbHhuiYIRNNBgBPB3NWYHVBrZnftBmbHz1Ur61x7ZWYPqezvKhyKZNgHHkbL0O35MHEYNNJhDLdw0QVn4QkZL5MhLHU+8zcaMWTERlQN3rQTAg4paz5oSVDMQyPbUAC/xsquUP44E=
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] samlp:Status
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success”/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] </samlp:Status>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <saml:EncryptedAssertion xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <EncryptedData xmlns=“<a href=“http://www.w3.org/2001/04/xmlenc#””>http://www.w3.org/2001/04/xmlenc#“ Type=”“>http://www.w3.org/2001/04/xmlenc#Element”>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <EncryptionMethod Algorithm=“”>http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <KeyInfo xmlns=“”>http://www.w3.org/2000/09/xmldsig#“>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <EncryptedKey xmlns=”“>http://www.w3.org/2001/04/xmlenc#”>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <EncryptionMethod Algorithm=“”>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] <KeyInfo xmlns=“”>http://www.w3.org/2000/09/xmldsig#">
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] MIIC6jCCAlOgAwIBAgIJAMnZ6sNaZilOMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xEDAOBgNVBAcMB1Rvcm9udG8xDTALBgNVBAoMBFJFQ08xCzAJBgNVBAsMAklTMSIwIAYDVQQDDBluZXdwdWJsaWMtdGVtcC5yZWNvLm9uLmNhMR8wHQYJKoZIhvcNAQkBFhBwcmFzaEByZWNvLm9uLmNhMB4XDTEzMDUyNzE1NTUyN1oXDTIzMDUyNzE1NTUyN1owgY0xCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4GA1UEBwwHVG9yb250bzENMAsGA1UECgwEUkVDTzELMAkGA1UECwwCSVMxIjAgBgNVBAMMGW5ld3B1YmxpYy10ZW1wLnJlY28ub24uY2ExHzAdBgkqhkiG9w0BCQEWEHByYXNoQHJlY28ub24uY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK6IdLgj7OlNzfzNb4scx4/42vpF5Ru6cuvttraxJTHAYdA3bMWTdjBxKVjKpSn7FGwyS6CmNWuVtWsICRVaPde8K438TxFkO7ov7i/95wXPuWLp4SwKn0RKN1Tw6jO520iy9cNhWyXldAUsADOvyPLNIp5W7UrnjBXmSIY3xgV7AgMBAAGjUDBOMB0GA1UdDgQWBBRnd2kQsBWCDdpI9nkNju7Ut0utkzAfBgNVHSMEGDAWgBRnd2kQsBWCDdpI9nkNju7Ut0utkzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEAOUMtno9Mt/UB5iDDjI3FWKAJIXDlggWKeTeeXPDrTLEy0RpVZH+4LH59mthvb9PWU3pCWTtr+vnXGoS196RN/0bMRjx3fF90zRNij/Oo9WvmqNopjKuE3GdKic2XqpIztk9XFBdyU2rHZaCMuIvx202PyiI24H8Rru7ef1djK
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] U0Qqu9R2D9HG6cNu8c+87KsvRb5X0MKMkETiMFnCiC3JeLQQVBOfRZ7z7wz5wG7YTxEXa8NVmWsfaw0bD3qJNppiz5jGwjZhVPs4GjzZeYePHvIE64eWljbUp4Mh7lxIip4gEqPDecOUgjSg6Rcp0uCiK//FlF0hT8767l2WXyI=
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Fi5JkNRGM+HseSd7WWiCQolItzXc5M/ojFUPa4KBbNlxOpuk5zff3uJgzIfEDhV0s+1hTGxPiE/+Cv4IlOmCLeYLF+1N4zFV66ul669PplrQltusodM7rLrmeVPEe8vDZZ72FrBhkpaIjDBORLt5CLxlK+f+7pCpmL0iquH8eRzQmA/3BGVwVuNzERf4oihU7eG/5BkkdrrZwrdUyWyCfEWX940RV3qmlHFqFzNUeJLgMz8/NfWZM80nANGGYSdQ9akD9YBglTZ+Y76QcWStkTk5iFNCZp6Btt69VjrkyOonseb7VXC9qAS1c9POfH0eyiJft9sBcuZDPuUsTZld33EvRk/ITWYqZLahafHjnJRY+68WrPtoWV1bvzRk54+99HjFo4JLI5P05tKgY6IfYnCdGK+akjxA+lo/dslHJBPFSV0XHOvo200oii0aIsBeYDnD0TqQrvukCJIIElFjbSKMvNoi5jyyqno9r8UEoKW5ddumm+Ey8EwjxbWHi+/f/BQrusrbaEJ+7RuJe9BIMPnqCGjjZDUCJTlBkK6INzUnwOCZNmJfNtakpVvez0mhCYwaLUjFUJjjBOmE6OKTrbsgPcIir8PIu7jizcOP55G4a0q6TdJc7V3jHqGMuHdYo+/+auc9SQ2YlAaO+cCF95efZTONa/IKHhBxMIIkFXvgp7y6X7bfdPGgJ+XxwfiZj6y75DRw7I49qcfsZ4O0VzJZcVAp6ylqTG143QVPfU62G+wwhwpwXJwSMJM9EElqQIodw6+cFYfk7sy5KjnBSq1Sq/NlMaEOlHh/72W1GreTJOYwBbZP3lRu5FKoCRsvTu+1nuem8nEvvT9hiDegEjPzarU0zKjwniwt+9xMUe2FAgkXXtbYX702DddhxPZ9K1qtpp3BGfWw1UWTIHgrWQve2xl1UvKKERDiVv2jULZCXsSUdhCkiiBZbhTFRSmboE4lZf3TRP8BC1UqQb8iyH0+V/Qdx0Bn67j5u7LMTKr3jiaxA6vX6qD0d+kFrxkC+L0qBzOUAe+GpmmSksqcZDjau9eEzLOvWaDexHG/aIJpumduCZn6sHcKgETRU5S1kbzGlkAzslI/DFaDUp9sTHQicC7UNORbXArvJA7ipL6cz+P0nAp4muVMoCWe2YV7eB5+PAirIelrBnbc42qLk7c3WzHVZcyS1BEYsepJbJ3h69FrbVN9myAkxrsnwnoAaRG+M0ukmNDqQE+T+nRasaiOyVMnoVzRPOKuVEOZkYrd2uwRs2qMUbzxfkvexuSlsccMm5eX2sobIoQhz0pnE/qUXl9xw9WeOsQr4/a4HdkipsuD2Gx9auto/ODObT4JuBDtz0zESohNnecgReMBzchrK5KVl0K50yBiDDZ/I7xx3U4QsZKQc/0dAk1FdrlMK/oVTz88J1l69WwAQGr1exyiha3moFhtqP6Bj7ZaOHKs1iCg7d7rmo9GdwS5s/KgGYBHmeGFoK0KWrg/UnA0A8Nw775h9XaSyu1eCmcqCxE31+L2eVmLnHtcaXOikgB13MDTYIJhavoPyDdc9YcU6ZrpJiy8xV2fczbWkL2gxySpcsneTPlcAhl10Gxls25Q2KvotYSQClIhRYCZQ0Qxclg5p5WgrbT3KH8/XBw9mVMnJ6sWUJKkIMu7Oq3B64ENpscKiPoJKTKuo+DEKoL5kmmXu2OkntZPQ//r1qRFK4AEmU6b6X9BIXhNGRxNpEpn1rAEM48GGHW//2tngU5i+09DX/CtrFQxeluGUIheVwnCh6mG3u6ZggCpyXiZmDM2ZrfKk0bFtiF8nXBij1B1NK7q+lg5aGnJ//K2F9bnFeitelfH0Vxp/6M9Ga41EPSS3Wr+3cSaqd5vmxJCuaFN4eZ5Mgsyha/z4+39LldP8rqoApv0UZBUT6K/wSa/wd/7THeW6Ej3f4Ev96d9eO/2tefdnkxpCkijGKu3FCGl6gC1nzT4j3yiHkXkh0NF0lPamWhoCD0aqqG0p2jJotUYcLTyCRA5HVSck5eWV1VeQUcOYNM+R0sW+qGTaPkh+ilm3CTAHtaS8llwJODtGFzCdMyu+7nu5i9gvHoMAhu04TQ63l+iLyyFBrkDt2N1etf/RzdTXLFu+mBpUZKtEqOwfEl4Loouv2mmDglYv0NoOQ5M7kHfUoRY2GhlFub6jMHdtJClsp6bPOHce4SoIvhvYJEouTsZynQK9DVj5EdzZxRfSTynedq7sY3izD1fC48OWC7LGG2IrZrgPkoU9pcj+//Y7QR7n0TOIlLVj9/41v83mmKPhpyzJNeOn4tN5+XBAHi8i4GJgZYL3hC98oVFRUwBwDRk+yXZowlygHplnCm9fVLZUbzny/GwiKPlBoopcdInf6suJS5R6cVMpyi7e5k7eZXOAiIWH/n4EYvcuyg//QYvmo7hxg+4NFSr/5JfNY/LwBAwmchjT1vxblk7b3eIggzNYKpYLoIbbr/77cYfDYZNBYp+wmwgk+siNo8HE0wsEB0d37rLDDJCGZsZuR5i3RcAd6QVbdsV/jla8CyK5aJ/kQkafFaSiOreNeUDI8vaL5UfZEuRMh79NPNTbNodVD1/eGJnKyRLHDy2WByYzsFMsgwZk5ZJ2gFXiQLshTziMj6MbKUav45n6E2/ucMnQPHP4hrQE+KbmrYzvZOVafEoLuwDre8xsa9ZxKGYT/n82bY5889JL/BhwqoR1fJ0VCjuzpSQbVOEf6/fiPWDmDV1Mnt8gHpywgl9aKALHrvpK4C/jcQCIH2RWQrMIyfMV0bpcFNXGDuaWtK2oACmoJK4P0W5WOz4tUghP/sQsd9sU+eXvVe6V5HGs/SCxpzp+zPgZZLululnCYeAmaupTAtv01r16+5bQCFfEjWYvBZ1Jk6cquBnqEcHkaxZ9x+yU6yI+qp23QLGlsYQ6LfAROjU02O3I6aWoPCj56IHWmR+DNCtV3qntwdBwM5JkttSvss/2C/IKYFupsY/ctB5306Tfq2ba2QvlXk+5t6jY3mYQ9aO0Ulq1HDXJJnKjeSOgNgeDn0xJfz/quNM1NT7HYrXcj6P3XuEZ+lxeypk841rLRAxzxegQCytuoM6vWh4g7PuFt8yibS3If+evSJAFM3MbOBPCbZ3g+NWc40mQj0HqpgRE4Zkc/XTfoAeoeFMN1p723VyYCXYacLlqY0pud4yTaiyqz7vr9sOFawFhnXBkBVXb/Qpj8WAW27i7SgdMxvqCHJQZP+M1eliUIwJ/1RKiCM82+1gt3Y5+52qByGMrWHTHOrtj71Z8qpztSvUTQijFbu9Vj8ZmFaokHvx9yv1i7sth0n7cKAPGvmBhU8PDUfm/35P80xD01FOJdMhVyROs0rbP42Nb3ogRxKgQ9Oyur2aiDM+U+jhJeclY/HuNYqpy+t0sN5a2v9x9RuGg5WVKaO2t1xFOGn8uQwIkc5+qIVTx4aUPEalci+VNMkB02ke0bki5fCQbF6plkrFl7pK/LWp5tcS7Y9cT6rL7wVKw2NfgygCd9q4JhiUJ9ozcmP4d6XY1zkZLmn5akh6Jdhw8jYGOaSzDU99ANQzp6iPz1KA3OTuO+y8euvxVpVrZt9ZUpJbRtmfNYSvW/08MMUX0rDyDFlrKx1suiYSEH1ICYvD7rLxf4IsPPaqqzhMKSpmRFP6uVBUaaTigReNCM3KtZ8IhrafgWLLY2P8y6QcAyJudXMlpo+hTVsyljO/9vQjv3Aydlt5MleyiTM6TU9MVOs0HQZngUOEkJuJSZhowFjEeZKbPZBdyUEYmgSOMYbyMBZnUizNUIRv3UZfrU7+RaYxFmg6IkvGTf1Tv1tMMUWMer0yn1Zu3ZAKtX6YLZaK1wZ2JGk3XtcH9Vzdjk9NoAXn+ybYD3sIIY+Y+4pZBZfhxcu5cVtG2kN2PT7819J9C7k9U4p0zIeRGBC7YIbq4oOlzmp4/27xQ6w9tHcV3VWRCIJMmAZCMP7Joxn7dQybcSZYNWPzCqe4zxNM4kgdEya2V5woDjwtYiMGnMJvHoyFSJ64ZuArLmiOjgyvGsCucM9WCm2bKny++C28KNThpUeEPNR+BbmB9Mb7GEfsROEi1QKIePszVW3WE45uWgcS6cjro2Q1QUT9wCLh/NGmMWhKsfMEMXNRaotKj5DGefYSE30qzSiTFB3wanDkymUqs3iTam/UinpZPToC4GGPZ2WUfR9+VC5He/GdluZDYtGH3FnbX7n1Lf8q5k7zN5k6Sn7rKx6jMvjyl3V02eV0J318e3bYL9AkWVw/CrAdnVlbncpHApjwoURvlvV6K29EhMkJSye2+HlIDWYOBs8ks6JdTaIMEMOxQkhsq8UA81JgEKkMO+PLsI6OC4DiWptAGtG2rzM2etH29Ib30Xb8+jt0NKRo5Ji5/bNuiJUQDiY4TTGdYQKQ8RcdNfL/VhMfDX87dY9IG2lNsMfFQeXevAwSecnf2RJvyj7ACdfPWMvKBQpQ3e14HjL6RVnQAQonhyTv5nP5eAAMGvD2uvtzl6LuFBBkPpiTcpYmX+S5CcjbKPT3lM61AVQL5VvMBrSM6QVeSYVivPZ/bfWletMQCAZHE9thlzamWcHu8zZPfUFbWTo4UixZsPtcaif1LzS4/T67wgNB5k4zLkvgeNPeW3G/oxNwABsdAJTFW8v+S8TnYHs133OxzllFqJ8gFbK8s/qDr8j3zy0hR8MojEsnejLD0eJ7weHTEuDgnh1yO1tOVyl37GFeWApGV6CymO2WpQde6rq5JvWaRwvu1rsCEV0qNcMbKnSXHx6O2m/+DPwbZUlMqOlxVdjo3VFYDBU0lBnWb37vX5208peo1u5Wmw1+AF6WfnyVLizioLGt6swD+zoh5m9wVcyhwjdko8ImsLlbIkYVN4lqji1jrIZq3b919lWIrA8o498S/Fg5vpLUEPoFZ2lpFRz+scTPTULYhPcPeuXV40Uk81pY787OrMyjUg/ZadqcQj76Dn8sXrWBbcEXplLc+9GEibaLW5P0phRiCqHaCtPbhBLSOIRJV87d72m/RcayhEkONc1tsaNSgxLoD0R1OT/d9X5GUBqhGUM0bTnLGN6pmQ5QfYCO5K5UTXcUo6EjsyisyGEnS/ExC0j2vOgItMCVQAF+e7aOOfFdAoLgjdVxYvhYkAqsn7VoylKdUaKTCwP6cHSqzH4VdZqyu76+TQGRJA6u+l4FGRqLf3Qc8+PcbsRbWLB2FGq2LO1hnaVeHyyIwRkau6VCLrmLseSRqviZTxD3ftT57kiDTQIdyJCbhuylfenX27/tm4Oim2EBydFSraoSF9hcmKvcWVBM34TkI19rEawPmWhWaB5B6lo3izomoVsCzPNHb8GzD94ZsD/xyjksuSR9GKc1cQW++7bLucM/6M6sAlEv2sk23AZ/wfjKyCM61WWoqOXORAUAw1IshBxqmK9JPYveHSBkKFA86b/B8R2UMD3mOXEH00H+2IkN4FV9s/OEgJ1o35i1L19mo1vYJJfLR6I9T62pr0C5W9csCxcyg0x6RF4ecZHxD2wiDPOWl+tEKCQlAB2+ZwUt/qnXVDgv8/Ny7XsI4CnoQAuM8DRMYNTNtOPpQykQfKFHgmlUJOY88SRHke7qBWZHcVFWCsJ/MD4yhUxGTmThA+LsC1e0cPsAnPFVM4I89INPZ3+bNsWpU5PEb8sn9MjiPDdkceIhfq0Bx4CboLV40LLKebgAdBKy1SJPlsUbLe+eRsl0F1hWO0aitkEIGAqaOPGvacoHtUQgC/LrlqnTsEHHK4BB5n600ZQ8afIFkpWME5+odxhoU85YrtrHAkuFCqo6IJFTaGIQAqEfRFb2jdEMvc+6tP4KNfNlKl0O8ixzfNcrVQVWHOh2j1gCUM0zOVutR3GvnEcUV7UtOkCa9s8cDhKeWTRtTsTW9g/rEG4jCV/Gbs3mZwUuHHQj11/X5AcztbDA/4PE9ijMZYIpoibySXp4le7r31gHgQjEL8i+BE24zAFNzopoEOwxbjY43m6co6bCqCkJ8iql9xaE/ebcCj1WhAlFMQ+5BLmKYoliHhuMP1nXTaK7utHpUUcuQdFe/XOi/hSp9bJB5ndAQoE1ypygd+EwGZ+OOdMq9e58SDsAblF/LKH/Vpf7AgDAUWuExaQ8O4iipY9827Kv0a718QBnABjOkewtZJAsewRCD4wuAVzIp2els2mdA8qFcT7/GxjNRgHVRTX14ehxluQ8eeDgTY/BJ+HPouONN07C3sPVC3jkVtZEJeTmeuV1H1J+URcW2Vr6dDoWW+FS+BHes+9CnivqZP8ZfehT68xw3O6jM77X9QWk4w2vPP1vgPXQdkFmOah/FxeM70xYtCjuD+yyQRBp9QKsIVT/4q28cm1rfAuwDEzWbOR4b34yc476dctTYfDXahfxTpRL9w/pLF8+9CM34q66J2B0LK9hcm+3Y1bZ6cEgj7AsBwndTgiuWhj8U2SaTGW2ioMcuFHGSJbrAku1rCrP/OV5sPCP2xaefd2065FkNHhoDb7BXkUAM1R2+o7aIrMGC7wfAgtsnaZkFNqxz0bj154DqfrZsm6AaWYoINlbyzML1c7dr0/fMerd5w+m3/vyQD5BS1NRsIZcNjgwMHAKQSE6E7drNGXS0OfmlQOiFtKTtZeFHiNa7+Q2FY3KVpKkv6wEF0Cm4FiDvOBgclUvqfZRpGpEvcLme6tuHblLnna091T4SiVh0Nn0xysThHD+P2ShiapLoGqNG7qYIU0vFe1+/JQvBLSMIGrrvXwAYT+/Arwk+DqxZKYn5SydWhLco+B7X6Ok+X7t4Wh4nR/5z0HyeF0zGTscAb4iebq3nSeNOMpPipndTfvmeHYSbkRVAJq/hnP9/JZlHyuFUC4Mny//3K6lIs6GXbyuhuRcmpRy90XD96jQjcsslL0LEnYKKww5Tq3yhlnKVOD+lKxykjxoI02CwEdIeGojgssbTRuc0eKGPJfG37c2SMgi/NlR1zBcXf2+RaE/WwblOzDbsO06R8HAz24xL0QjXZBXLaCiSwsDsDL0rfHAC6uE2vgZ2/crjoG/suR2aStbv16IxKdpM/fYpdZAGQkYoc3ZU2piMdiW7/KS3d/GUn8mh5+Z8IDxKkIrVPfe2ep1wnOMuTU6bOduDnyMmFCYYlvJLrr4zKkNx4mIumktDdcjbeuWrC89yIPofrncH4AOElZg/FTq4UaxfoeIl2HOtyUacTFYxzP1yXyonRgQ9Txg4tHq2bOo7jyVufMZXb9En5q1wjo5nBWjIXtJpyYqKBMDbMU8zZSnmlhcEL0M8Uikttez1A+8pcZNCGPkb/0nX0ZhC8lHbYRNqkeql1uqev3SJCubon9fLapaWi6FQ6NOGGC8DdjcHQhBjSgPAZNiUQwkuA5RZ49jYof9YYj0Zyqrbz4HujL8RUxUt35AthkATNA8Z19V3uZfOMzszIgXEdvIYAx1pNlkYn+3SyNeSbJXuzEW+zSsIT1h1EM4rrTKFuT0nuNsmpIxMYi4AHOR80r6G5WQ4Lq5XVpaZn67FIPIvgJdjltzwbQUX1sDWnDwrcg3gLLISmzBhcopaGYNjJlJ/HRc7FsF88UbbRWt2SHvwQnsHNvS8b2yH0B61sJtfcxMDJUHGwll2qUw6HgMkxHLMFOcwe5inAFuAouVQSnbipVxfeQMU9AG+BcYAIk2a3LvQWacazrvpFPod6j7FlSWlj2fessZ38xr3Ae3h+X/uyxa7pABvcIU7tdEEbgKiCZ3+hlDU6zMHpAbLNZV9Hh8xMjLayRIfkZf7RdrW1XmRmdag/M=
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57]
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] </saml:EncryptedAssertion>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] </samlp:Response>
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Received SAML2 Response from ‘our server url’.
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Found 1 certificates in SAML2_Response
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Has 1 candidate keys for validation.
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - DEBUG: [1b554e0a57] Validation with key #0 failed with exception: Unable to validate Signature
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - ERR: [1b554e0a57] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - ERR: [1b554e0a57] Backtrace:
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - ERR: [1b554e0a57] 0 /opt/rh/httpd24/root/var/www/html/moodlesites/dev3/auth/saml/simplesamlphp/www/module.php:180 (N/A)
[29-Mar-2017 19:09:09 America/New_York] simplesamlphp - ERR: [1b554e0a57] Caused by: Exception: Unable to validate Signature

ComponentSpace · April 3, 2017, 1:05am

As you mentioned, the successful signature is using SHA-1 and the unsuccessful signature is using SHA-256.
To specify SHA-1, update the SAML configuration to specify the DigestAlgorithm and SignatureAlgorithm.

“PartnerServiceProviderConfigurations”: [
{
“Name”: “<a href=“http://ExampleServiceProvider” ,”=“”><a href=“http://ExampleServiceProvider”,“>http://ExampleServiceProvider”,
“Description”: “Example Service Provider”,
“WantAuthnRequestSigned”: true,
“SignSamlResponse”: true,
“SignAssertion”: false,
“EncryptAssertion”: false,
“DigestAlgorithm”: “<a href=“http://www.w3.org/2000/09/xmldsig#sha1” ,”=“”><a href=“http://www.w3.org/2000/09/xmldsig#sha1",">http://www.w3.org/2000/09/xmldsig#sha1”,
“SignatureAlgorithm”: “<a href=“http://www.w3.org/2000/09/xmldsig#rsa-sha1” ,”=“”><a href=“http://www.w3.org/2000/09/xmldsig#rsa-sha1",">http://www.w3.org/2000/09/xmldsig#rsa-sha1”,
“AssertionConsumerServiceUrl”: “<a href=“http://localhost:61799/SAML/AssertionConsumerService” ,”=“”><a href=“http://localhost:61799/SAML/AssertionConsumerService",">http://localhost:61799/SAML/AssertionConsumerService”,
“SingleLogoutServiceUrl”: “<a href=“http://localhost:61799/SAML/SingleLogoutService” ,”=“”><a href=“http://localhost:61799/SAML/SingleLogoutService",">http://localhost:61799/SAML/SingleLogoutService”,
“PartnerCertificates”: [
{
“FileName”: “certificates/sp.cer”
}
]
},

However, I suggest encouraging the SP to get SHA-256 signature verification working.

fsonego · July 21, 2017, 10:45am

I’m doing tests on Azure. But he reads the disk certificate. In azure we can not read from disk. Is there any other way to read it?

ComponentSpace · July 21, 2017, 5:42pm

You have three options for storing certificates.
1. String embedded in the SAML configuration.
2. Certificate file (ie PFX or CER) on the file system.
3. Windows certificate store.

Please refer to the Certificate Guide PDF for more information.
http://www.componentspace.com/Forums/7813/Certificate-Guide

These options are described in the respective sections:
- Certificate Strings
- Certificate Files
- Windows Certificate Store