catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2

Almost infinite loop #486

Closed clement-cdy closed 3 years ago

clement-cdy commented 3 years ago

When we try to log in, we go to the IdP, we enter our credentials, and when we come back we have an infinite loop: sent to the IdP, returned to the SP, sent to the IdP, returned to the SP... The session ID changes on every loop. BUT when we go to any page of Moodle in another tab, the loop breaks and it's OK.

That's a loop in samlphp logs:

Nov 30 17:29:25 SimpleSAMLphp DEBUG [5fe62fd2ad] Session: '[OUR_HOSTNAME]' not valid because we are not authenticated.
Nov 30 17:29:25 SimpleSAMLphp DEBUG [5fe62fd2ad] Saved state: '_807bc1855bf15a7a8066ef74f2fe7039cd96f61454'
Nov 30 17:29:25 SimpleSAMLphp DEBUG [5fe62fd2ad] Sending SAML 2 AuthnRequest to 'https://samltest.id/saml/idp'
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Loading state: '_807bc1855bf15a7a8066ef74f2fe7039cd96f61454'
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Received SAML2 Response from 'https://samltest.id/saml/idp'.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Has 2 candidate keys for validation.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Validation with key #0 failed with exception: Unable to validate Signature
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Validation with key #1 succeeded.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Decryption with key #0 succeeded.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Has 2 candidate keys for validation.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Validation with key #0 failed without exception.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Validation with key #1 failed without exception.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Deleting state: '_807bc1855bf15a7a8066ef74f2fe7039cd96f61454'
Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] Session: doLogin("[OUR_HOSTNAME]")
Nov 30 17:29:37 SimpleSAMLphp DEBUG [8009b5acfe] Session: '[OUR_HOSTNAME]' not valid because we are not authenticated.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [8009b5acfe] Saved state: '_0684283a76a1dccc88609a6d0d40479d6ec9b9e4d6'

We tried to remove each potential element (haproxy, memcached) but on a freshly installed LAMP, it's the same.

Regards
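The symptom in the log above is a completed `Session: doLogin(...)` followed at once by a new bracketed ID reporting "not valid because we are not authenticated". A detector for that pattern over SimpleSAMLphp debug logs, as an added example (not part of the original post or the plugin's code); the host names and bracketed IDs in the sample are constructed, and the 5-second window, threshold of 3 and log year are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Syslog-style line: "Nov 30 17:29:37 SimpleSAMLphp DEBUG [5fe62fd2ad] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) SimpleSAMLphp "
    r"[A-Z]+ \[(?P<track>[0-9a-f]+)\] (?P<msg>.*)$"
)
LOGIN_RE = re.compile(r'^Session: doLogin\("(?P<source>[^"]*)"\)')
UNAUTH_RE = re.compile(
    r"^Session: '(?P<source>[^']*)' not valid because we are not authenticated"
)

Loop = namedtuple("Loop", "source login_track next_track at")


def parse(lines, year=2020):
    """Yield (timestamp, bracketed id, message); syslog omits the year, so it is assumed."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["track"], m["msg"]


def find_login_loops(lines, window=timedelta(seconds=5)):
    """A loop iteration = doLogin on one id, then within `window` a *different*
    id for the same auth source that is unauthenticated again."""
    last_login = {}  # auth source -> (timestamp, bracketed id)
    loops = []
    for ts, track, msg in parse(lines):
        m = LOGIN_RE.match(msg)
        if m:
            last_login[m["source"]] = (ts, track)
            continue
        m = UNAUTH_RE.match(msg)
        if m:
            prev = last_login.pop(m["source"], None)
            if prev and prev[1] != track and ts - prev[0] <= window:
                loops.append(Loop(m["source"], prev[1], track, ts))
    return loops


def is_looping(lines, threshold=3, burst=timedelta(seconds=60)):
    """True when `threshold` loop iterations for one source fall within `burst`.
    The log carries no client address, so on a busy site two unrelated users
    can produce a single false iteration; the threshold filters those out."""
    by_source = {}
    for loop in find_login_loops(lines):
        by_source.setdefault(loop.source, []).append(loop.at)
    for times in by_source.values():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= burst:
                return True
    return False


# Constructed sample: three loop iterations, then one healthy login.
SAMPLE_LOG = """\
Nov 30 17:29:25 SimpleSAMLphp DEBUG [aaaa000001] Session: 'sp.example.test' not valid because we are not authenticated.
Nov 30 17:29:25 SimpleSAMLphp DEBUG [aaaa000001] Sending SAML 2 AuthnRequest to 'https://idp.example.test/saml/idp'
Nov 30 17:29:37 SimpleSAMLphp DEBUG [aaaa000001] Received SAML2 Response from 'https://idp.example.test/saml/idp'.
Nov 30 17:29:37 SimpleSAMLphp DEBUG [aaaa000001] Session: doLogin("sp.example.test")
Nov 30 17:29:37 SimpleSAMLphp DEBUG [aaaa000002] Session: 'sp.example.test' not valid because we are not authenticated.
Nov 30 17:29:38 SimpleSAMLphp DEBUG [aaaa000002] Session: doLogin("sp.example.test")
Nov 30 17:29:38 SimpleSAMLphp DEBUG [aaaa000003] Session: 'sp.example.test' not valid because we are not authenticated.
Nov 30 17:29:39 SimpleSAMLphp DEBUG [aaaa000003] Session: doLogin("sp.example.test")
Nov 30 17:29:39 SimpleSAMLphp DEBUG [aaaa000004] Session: 'sp.example.test' not valid because we are not authenticated.
Nov 30 18:05:00 SimpleSAMLphp DEBUG [bbbb000001] Session: 'sp.example.test' not valid because we are not authenticated.
Nov 30 18:05:09 SimpleSAMLphp DEBUG [bbbb000001] Session: doLogin("sp.example.test")
"""

if __name__ == "__main__":
    for loop in find_login_loops(SAMPLE_LOG.splitlines()):
        print(f"{loop.at} {loop.source}: login on [{loop.login_track}] "
              f"lost, restarted as [{loop.next_track}]")
    print("looping:", is_looping(SAMPLE_LOG.splitlines()))
```

A hit flags the symptom only; it does not say why the authenticated session was not carried into the next request.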

clement-cdy commented 3 years ago

Please ask for any elements missing...

brendanheywood commented 3 years ago

hi @clement-cdy I've not seen this before. Does it work when you do a standalone saml authentication outside of moodle using the raw test page?

https://github.com/catalyst/moodle-auth_saml2#debugging

/auth/saml2/test.php

clement-cdy commented 3 years ago

Hi Brendan, thanks for replying. The bug was also here with an external IDP, but we resolved it. I think there was a problem during the upgrade: we were initially on version 2019022100 and it was OK. We upgraded to 2019110701 and the problem came up.

Because it was on Moodle 3.5, we tried your plugin on a more recent version (3.9.2+) and it worked (you can add this version to your compatibility 👍 ). So we re-uploaded the source code of version 2019110701 on the problematic Moodle, and all worked fine.

Sorry for this false bug...

Best regards

brendanheywood commented 3 years ago

Ok cool. It is odd; the latest version in this repo should work in 3.5 too. If you ever find the root cause, feel free to dump it here in case others hit the same issue.