SAML-Toolkits / python3-saml

MIT License

`auth.get_last_response_xml()` has user data and `auth.logout()` is logging out, but `auth.process_response()` is None and `auth.is_authenticated()` is False #407

Closed gabrielakuhn closed 1 week ago

gabrielakuhn commented 2 months ago

Hello,

I am building an app whose structure is similar to Flask's (I am not using any framework, but I am using werkzeug), so I am following the Flask sample here.

I have my saml_settings working properly (I guess), because I can redirect to my IDP and my IDP is redirecting to my assertionConsumerService endpoint.

But when I handle the POST in my assertionConsumerService endpoint, I cannot retrieve the SAML AttributeStatement (the data the IDP is sending back to me).

In `auth = OneLogin_Saml2_Auth(http_fields, self.saml_settings)`

my `auth.process_response()` is None and my `auth.is_authenticated()` is False.

However, in my SAML Tracer tool I can see the attributes there in the POST, and if I do `auth.get_last_response_xml()` I also get the XML response with all the attributes (name, surname, email of the user).

So if I am somehow getting data back from the IDP, why is the authentication False and the `process_response()` None? My `auth.logout()` is also working fine (logging out the user).

pitbulk commented 1 week ago

> my `auth.process_response()` is None and my `auth.is_authenticated()` is False

That means that you failed to validate the SAMLResponse.

If you print `auth.get_last_error_reason()` you will get the reason why it was invalidated.

`auth.get_last_response_xml()` will retrieve the XML of the SAMLResponse, independent of the result of the validation process; it is also used to inspect what was retrieved for debugging purposes.
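An ACS handler written around the advice above, as an added example that is neither python3-saml's nor the issue author's code: it runs `process_response()`, reads `get_errors()` and `get_last_error_reason()` before trusting anything, and treats whatever `get_last_response_xml()` holds as unverified until validation has passed. `handle_acs`, `AcsResult` and the `_StubAuth` stand-in (which imitates only the few `OneLogin_Saml2_Auth` methods the handler calls, so the block runs without an IdP) are constructed here; in the real app `auth` is the `OneLogin_Saml2_Auth(http_fields, self.saml_settings)` object from the issue.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AcsResult:
    """Outcome of one SAMLResponse at the assertionConsumerService endpoint (constructed here)."""
    authenticated: bool
    name_id: Optional[str] = None
    attributes: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)
    error_reason: Optional[str] = None

def handle_acs(auth, request_id=None):
    """Validate the SAMLResponse held by `auth` (a OneLogin_Saml2_Auth built from
    the POSTed fields) and only then expose NameID/attributes to the app.
    `request_id` is the AuthnRequest id saved in the session at login time; passing
    it makes process_response() also check the response's InResponseTo."""
    # process_response() returns None on success and on failure alike, so the
    # outcome has to be read from the error state afterwards.
    auth.process_response(request_id=request_id)
    errors = list(auth.get_errors())
    if errors or not auth.is_authenticated():
        # get_last_response_xml() may still contain every attribute at this point,
        # but signature/condition validation failed, so none of it is trustworthy.
        return AcsResult(authenticated=False, errors=errors,
                         error_reason=auth.get_last_error_reason())
    return AcsResult(authenticated=True, name_id=auth.get_nameid(),
                     attributes=auth.get_attributes())

class _StubAuth:
    """Constructed stand-in imitating only the OneLogin_Saml2_Auth methods used above."""
    def __init__(self, errors, reason=None, attributes=None):
        self._errors, self._reason, self._attrs = list(errors), reason, attributes or {}
    def process_response(self, request_id=None):
        return None  # the real method also returns None, whatever the outcome
    def get_errors(self):
        return self._errors
    def get_last_error_reason(self):
        return self._reason
    def is_authenticated(self):
        return not self._errors
    def get_nameid(self):
        return "user@example.com"  # constructed sample value
    def get_attributes(self):
        return self._attrs
```

The stub's error list and reason string are sample values; with the real object they come from the library's own validation of the POSTed SAMLResponse.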