handnot2 / esaml

Erlang SAML library, SSO and SLO, with Cowboy integration
BSD 2-Clause "Simplified" License

LogoutRequest Validation Error #8

Closed mjcloutier closed 6 years ago

mjcloutier commented 6 years ago

My Samly LogoutRequest is not creating valid markup in https://www.samltool.com/validate_xml.php

<?xml version="1.0"?>
<samlp:LogoutRequest
    Destination="https://dev-455970.oktapreview.com/app/heimdall_heimdall_3/exkga21ozaP0T2pcG0h7/slo/saml"
    ID="id153704109584333124814146" IssueInstant="2018-09-15T19:52:28Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Reason="urn:oasis:names:tc:SAML:2.0:logout:user" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id153704109584333124814146">
                <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>4tDSZaOzXbmXi3BCqaiYC2WY5V1wLyPuh5xmAdJK6mg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GPYcJ7VSenb/P43/bUYi/8dtLTVlGkHT88l7xB+Eea+zY2bOiUraPTqtbWavDvb0yd6qwdwWCDypNLS3CA/Z1d2LWriv9c23S002PjhxubnbFn0MolcDVWpY/kGnN2h6PJOJLXjHSFbnYAFvPejflHTGur11YJtg7lqrZJ2shxZoER2W1/uS2tj/iVhPIf+OyqHjAkOt2KfYlWDoIemiOwvMmz6uu84sp1wEvfYi8tW42GHHHgJFdSL9k9JdOhlDH0MlhUWF6rzm2DIfZJyRZMg5kgzQiRLAYs1ygGC6NkO2g5IQckWrej0KxyEBaXebwMD0w94xKp3iDivwl/mfudhRNCtIyMThtZw7qfT/PzuSH125MdY0krhWvZCXAZ1DR1fBhzw6/RoZFk/Eq7+iBV+GrRAcgBLv7BOaDUXGuFJIIp1g3TfYtxLRJuiC0rRMV8gEiKXiH0Rm9Wh8jw+pn8A/8/KMRVrcndpzQsla3MJ1BN7HRE5TzsL18SlAS2hMhb+Pj6JNBF6KSoEWZivqGfbwrspjzAg1Xx/ZCrBu7HkrF/+9bt+W9xAuQ6JzNHJFZxg9lufvQYBhvJOfQ3ea0wUCRsHkrb5eEDtndeQ4wPf+g9ncW62zDooQDXyYw0OMHY4IE3iNy8JJt+Up+IUB64tRDYbg6VVxM0Uu6nMSS9g=</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>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</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml:Issuer>heimdall</saml:Issuer>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">michael.cloutier@experian.com</saml:NameID>
    <samlp:SessionIndex>id153704105052115878813602</samlp:SessionIndex>
</samlp:LogoutRequest>

Validation Errors:

Line: 8 | Column: 0  --> Element '{urn:oasis:names:tc:SAML:2.0:protocol}LogoutRequest', attribute 'ProtocolBinding': The attribute 'ProtocolBinding' is not allowed.

Line: 23 | Column: 0  --> Element '{urn:oasis:names:tc:SAML:2.0:assertion}Issuer': This element is not expected. Expected is one of ( {urn:oasis:names:tc:SAML:2.0:protocol}Extensions, {urn:oasis:names:tc:SAML:2.0:assertion}BaseID, {urn:oasis:names:tc:SAML:2.0:assertion}NameID, {urn:oasis:names:tc:SAML:2.0:assertion}EncryptedID ).
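
Both validator errors come from the SAML 2.0 protocol schema. `ProtocolBinding` is defined for `AuthnRequest`, not `LogoutRequest`, and the children of a request must appear in the order Issuer, Signature, Extensions, then the name identifier and any SessionIndex elements. The following Python check is an added example, not part of the original issue or of esaml. It reproduces both findings on a constructed request with the same shape as the one above; the function name and sample values are assumptions, and signature contents are not verified.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Attributes the SAML 2.0 protocol schema defines for LogoutRequest.
ALLOWED_ATTRS = {"ID", "Version", "IssueInstant", "Destination", "Consent",
                 "Reason", "NotOnOrAfter"}

# Schema child sequence: (accepted tags, min occurrences, max occurrences).
CHILD_SEQUENCE = [
    ({f"{{{SAML}}}Issuer"}, 0, 1),
    ({f"{{{DS}}}Signature"}, 0, 1),
    ({f"{{{SAMLP}}}Extensions"}, 0, 1),
    ({f"{{{SAML}}}{t}" for t in ("BaseID", "NameID", "EncryptedID")}, 1, 1),
    ({f"{{{SAMLP}}}SessionIndex"}, 0, None),
]

def check_logout_request(xml_text):
    """Return structural problems in a LogoutRequest; empty list if none."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return [f"root element '{root.tag}' is not a LogoutRequest"]
    problems = [f"attribute '{a}' is not allowed"
                for a in root.attrib if a not in ALLOWED_ATTRS]
    children = [child.tag for child in root]
    pos, missing = 0, False
    for tags, lo, hi in CHILD_SEQUENCE:
        seen = 0
        while (pos < len(children) and children[pos] in tags
               and (hi is None or seen < hi)):
            pos, seen = pos + 1, seen + 1
        if seen < lo:  # the required identifier is not at this position
            missing = True
            break
    if pos < len(children):
        problems.append(f"element '{children[pos]}' is not expected here")
    elif missing:
        problems.append("required BaseID, NameID or EncryptedID is missing")
    return problems

# Constructed samples (not the issue's data): same shape as reported, then schema order.
HEAD = (f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'xmlns:ds="{DS}" ID="id1" Version="2.0" IssueInstant="2018-09-15T19:52:28Z"')
TAIL = ('<saml:NameID>user@example.com</saml:NameID>'
        '<samlp:SessionIndex>id2</samlp:SessionIndex></samlp:LogoutRequest>')
AS_REPORTED = (HEAD + ' ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
               '<ds:Signature/><saml:Issuer>sp</saml:Issuer>' + TAIL)
SCHEMA_ORDER = HEAD + '><saml:Issuer>sp</saml:Issuer><ds:Signature/>' + TAIL
```

Running such a check on outgoing messages before signing catches ordering and attribute mistakes that a strict identity provider would otherwise reject.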