Closed sayginify closed 1 year ago
Is it related to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress? Should it be SAML:2.0?
Here's the XML I received:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="some_dest_url" ID="id1456464819472223518982387" InResponseTo="ONELOGIN_99cbb45089fca8cac355bf23da01e1fc2e504876" IssueInstant="2023-04-27T19:51:06.654Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">some_entity_url
  </saml2:Issuer>
  <ds:Signature
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#id1456464819472223518982387">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>digest_value=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>signature_value</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>cert_data</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml2p:Status
      xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
  <saml2:EncryptedAssertion
      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData Id="_8c094e4207e1f750b3d65fb59ebda7e6" Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
      <ds:KeyInfo
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_c2df852f59ec0c4b42f2ca5b4d9934aa"/>
      </ds:KeyInfo>
      <xenc:CipherData
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:CipherValue>cipher_value</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
    <xenc:EncryptedKey Id="_c2df852f59ec0c4b42f2ca5b4d9934aa"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
      </xenc:EncryptionMethod>
      <ds:KeyInfo
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>certificate_value</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <xenc:CipherData
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:CipherValue>cipher_value</xenc:CipherValue>
      </xenc:CipherData>
      <xenc:ReferenceList>
        <xenc:DataReference URI="#_8c094e4207e1f750b3d65fb59ebda7e6"/>
      </xenc:ReferenceList>
    </xenc:EncryptedKey>
  </saml2:EncryptedAssertion>
</saml2p:Response>
The right value is
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
not
urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress
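Added example, not code from this thread or from python3-saml: the response posted above carries an EncryptedAssertion, so the NameID Format asked about cannot be read from it until the assertion is decrypted. The sketch below summarises that structure with the standard library only, on a constructed sample with placeholder values; the triage function and its field names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}

# Constructed sample: same shape as the response posted above, placeholder values.
SAMPLE = """<saml2p:Response ID="id_sample" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#id_sample"/>
  </ds:SignedInfo></ds:Signature>
  <saml2:EncryptedAssertion>
    <xenc:EncryptedData><xenc:CipherData>
      <xenc:CipherValue>cipher_value</xenc:CipherValue>
    </xenc:CipherData></xenc:EncryptedData>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </xenc:EncryptionMethod>
    </xenc:EncryptedKey>
  </saml2:EncryptedAssertion>
</saml2p:Response>"""

def _alg(root, path):
    """Return the Algorithm attribute at path, or None if the element is absent."""
    el = root.find(path, NS)
    return el.get("Algorithm") if el is not None else None

def triage(xml_text):
    """Structural summary of a saved SAML Response; verifies no signature."""
    root = ET.fromstring(xml_text)  # offline triage only, not for live input
    rid = root.get("ID")
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    plain = root.find("saml:Assertion", NS)
    name_id = plain.find("saml:Subject/saml:NameID", NS) if plain is not None else None
    key_method = ".//xenc:EncryptedKey/xenc:EncryptionMethod"
    return {
        "signature_covers_response_id":
            rid is not None and ref is not None and ref.get("URI") == "#" + rid,
        "signature_alg": _alg(root, "ds:Signature/ds:SignedInfo/ds:SignatureMethod"),
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        # None means no readable NameID: absent, or hidden inside the ciphertext.
        "nameid_format": name_id.get("Format") if name_id is not None else None,
        "key_transport": _alg(root, key_method),
        "oaep_digest": _alg(root, key_method + "/ds:DigestMethod"),
    }
```
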
@sayginify I believe this is related to an issue with libxml2.
As suggested in the docs can you try to install lxml as follows, before installing python3-saml:
pip install --force-reinstall --no-binary lxml lxml
Once I have some free time to check, I'll try to reinstall libxml2, but so far everything seems ok with Python 3.10.
@sayginify , were you able to test?
Hopefully this week I'll @pitbulk
I couldn't install lxml - even with the instructions https://lxml.de/installation.html - and previously lxml was also causing this issue. We're fine with python3.10 so far, after official 3.11 support we might try again
I'm closing the issue, since 3.11 is not supported.
EDIT: The problem is probably related to Python 3.11. It seems to be working with 3.10 but I'll update here if everything works.
I have a problem with getting some namespace errors. I have the following versions:
I'm not sure which ones are related to python3-saml.
Recently I've updated to 1.15.0; previously I had the following versions, and never had such a problem:
Here are the error messages I got.
If you want, I can remove the encrypt certificates etc and send you the decoded xml.
I have the following settings: