italia / spid-saml-check

SPID SAML implementation verification tool
European Union Public License 1.2

AuthnRequest Signature validation failed #179

Closed santesem-links closed 2 years ago

santesem-links commented 2 years ago

Good afternoon, when I try to run the "strict" validation on the AuthnRequest I get this error.

Point 34: failure - value: The AuthnRequest MUST validate against XSD and MUST have a valid signature
stderr: func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=268:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:openssl error: 151584876: PEM routines: get_name no start line
func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=172:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=/tmp/tmp4eaaowsk.crt
Error: xmlSecCryptoAppKeyLoad failed: file=/tmp/tmp4eaaowsk.crt
Error: failed to load public key from "/tmp/tmp4eaaowsk.crt".
Error: keys manager creation failed
Unknown command
stdout: Usage: xmlsec [] []
xmlsec is a command line tool for signing, verifying, encrypting and
decrypting XML documents. The allowed values are:
 --help display this help information and exit
 --help-all display help information for all commands/options and exit
 --help- display help information for command and exit
 --version print version information and exit
 --keys keys XML file manipulation
 --sign sign data and output XML document
 --verify verify signed document
 --sign-tmpl create and sign dynamicaly generated signature template
 --encrypt encrypt data and output XML document
 --decrypt decrypt data from XML document
Report bugs to http://www.aleksey.com/xmlsec/bugs.html
Written by Aleksey Sanin aleksey@aleksey.com.
Copyright (C) 2002-2016 Aleksey Sanin aleksey@aleksey.com. All Rights Reserved..
This is free software: see the source for copying information.

In particular, when I validate the request with an external tool (https://www.samltool.com/validate_authn_req.php), no exceptions are raised.

I also tried an old version of the validator, hosted at https://www.spid-validator.it/, and everything runs smoothly.

Looking at the error messages, I see this:

>>> env IDP_ENTITYID="https://localhost:8080" spid_sp_test --metadata-url file://../data/https___localhost_5001/sp-metadata.xml --authn-url file://../data/https___localhost_5001/authn-request.dump -rf json -o ../data/https___localhost_5001/sp-authn-request-strict.json
Spid QA: executed 144 tests, 3 failed. 0 warnings.

{
  test_id: '',
  result: 'failure',
  test: 'AuthnRequest Signature validation failed',
  value: 'The AuthnRequest MUST validate against XSD and MUST have a valid signature\n' +
    'stderr: func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=268:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed:openssl error: 151584876: PEM routines: get_name no start line\n' +
    'func=xmlSecOpenSSLAppKeyLoad:file=app.c:line=172:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed:filename=/tmp/tmpbx8dvik5.crt\n' +
    'Error: xmlSecCryptoAppKeyLoad failed: file=/tmp/tmpbx8dvik5.crt\n' +
    'Error: failed to load public key from "/tmp/tmpbx8dvik5.crt".\n' +
    'Error: keys manager creation failed\n' +
    'Unknown command\n' +
    '\n' +
    'stdout: Usage: xmlsec [] []\n' +
    '\n' +
    'xmlsec is a command line tool for signing, verifying, encrypting and\n' +
    'decrypting XML documents. The allowed values are:\n' +
    ' --help \tdisplay this help information and exit\n' +
    ' --help-all \tdisplay help information for all commands/options and exit\n' +
    ' --help-\tdisplay help information for command and exit\n' +
    ' --version \tprint version information and exit\n' +
    ' --keys \tkeys XML file manipulation\n' +
    ' --sign \tsign data and output XML document\n' +
    ' --verify \tverify signed document\n' +
    ' --sign-tmpl \tcreate and sign dynamicaly generated signature template\n' +
    ' --encrypt \tencrypt data and output XML document\n' +
    ' --decrypt \tdecrypt data from XML document\n' +
    '\n' +
    '\n' +
    'Report bugs to http://www.aleksey.com/xmlsec/bugs.html\n' +
    '\n' +
    'Written by Aleksey Sanin aleksey@aleksey.com.\n' +
    '\n' +
    'Copyright (C) 2002-2016 Aleksey Sanin aleksey@aleksey.com. All Rights Reserved..\n' +
    'This is free software: see the source for copying information.\n' +
    '\n',
  references: [],
  method: ''
}
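What the stderr above means, as an added example that is not part of the original issue and is not code from spid-saml-check or spid-sp-test: OpenSSL's PEM reader reports `no start line` when a file has no `-----BEGIN ...-----` armor, which is what a bare base64 `<ds:X509Certificate>` body looks like if written to disk as-is. The function names and the sample metadata (placeholder bytes, not a real certificate) are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def signing_certs(metadata_xml):
    """Return the text of each X509Certificate under a signing KeyDescriptor."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        # A KeyDescriptor without a 'use' attribute applies to signing too.
        if kd.get("use", "signing") != "signing":
            continue
        found += [c.text or "" for c in kd.iter(f"{{{DS_NS}}}X509Certificate")]
    return found


def classify(cert_text):
    """Return 'pem', 'bare-base64' or 'invalid'.

    'bare-base64' is the case a PEM reader rejects with "no start line".
    """
    stripped = cert_text.strip()
    if stripped.startswith(PEM_BEGIN) and stripped.endswith(PEM_END):
        return "pem"
    try:
        der = base64.b64decode("".join(stripped.split()), validate=True)
    except (binascii.Error, ValueError):
        return "invalid"
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return "bare-base64" if der[:1] == b"\x30" else "invalid"


def to_pem(cert_text):
    """Wrap a bare base64 certificate body in PEM armor, 64 columns per line."""
    kind = classify(cert_text)
    if kind == "pem":
        return cert_text.strip() + "\n"
    if kind != "bare-base64":
        raise ValueError("not a base64-encoded DER certificate")
    body = "".join(cert_text.split())
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_BEGIN, *lines, PEM_END]) + "\n"


# Constructed placeholder bytes shaped like DER (leading 0x30); NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(range(96))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
# Constructed SP metadata fragment; the entityID is hypothetical.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://sp.example.test">
  <md:SPSSODescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64[:60]}
        {SAMPLE_B64[60:]}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for text in signing_certs(SAMPLE_METADATA):
        print(classify(text))
        print(to_pem(text), end="")
```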

santesem-links commented 2 years ago

Adding more information: running the command manually from inside the container.

If needed, I can also post the SP metadata and the AuthNRequest.

# env IDP_ENTITYID="https://localhost:8080" spid_sp_test --metadata-url file://../data/https___localhost_5001/sp-metadata.xml --authn-url file://../data/https___localhost_5001/authn-request.dump -rf json -o ../data/https___localhost_5001/sp-authn-request-strict.json
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.xsd_check: SpidSpMetadataCheck.xsd_check
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_EntityDescriptor: Only one EntityDescriptor element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_EntityDescriptor: The entityID attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_EntityDescriptor: The entityID attribute MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor: Only one SPSSODescriptor element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_NameIDFormat_Transient: The NameIDFormat MUST be urn:oasis:names:tc:SAML:2.0:nameid-format:transient
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_xmldsig: the metadata signature MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The Signature element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The SignatureMethod element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The Algorithm attribute MUST be present in SignatureMethod element
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The signature algorithm MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The DigestMethod element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The Algorithm attribute MUST be present in DigestMethod element
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Signature: The digest algorithm MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_KeyDescriptor: At least one signing KeyDescriptor MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_KeyDescriptor: At least one signing x509 MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_KeyDescriptor: At least one encryption x509 MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: One or more SingleLogoutService elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Binding attribute in SingleLogoutService element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Binding attribute in SingleLogoutService element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Binding attribute in SingleLogoutService element MUST be one of [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect]
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Location attribute in SingleLogoutService element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Location attribute in SingleLogoutService element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SingleLogoutService: The Location attribute in SingleLogoutService element MUST be a valid HTTP URL
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: At least one AssertionConsumerService MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: The index attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: The index attribute MUST be >= 0
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: The Binding attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: The Binding attribute MUST be one of [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect]
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService: The Location attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService: One or more AttributeConsumingService elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: Only one Organization element can be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: One or more OrganizationName elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The lang attribute in OrganizationName element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The OrganizationName element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: One or more OrganizationDisplayName elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The lang attribute in OrganizationDisplayName element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The OrganizationDisplayName element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: One or more OrganizationURL elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The lang attribute in OrganizationURL element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The OrganizationURL element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The elements OrganizationName, OrganizationDisplayName and OrganizationURL MUST have the same number of lang attributes
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Organization: The elements OrganizationName, OrganizationDisplayName and OrganizationURL MUST have at least an it language enabled
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.xsd_check: SpidSpMetadataCheck.xsd_check
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor_SPID: The protocolSupportEnumeration attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor_SPID: The protocolSupportEnumeration attribute MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor_SPID: The AuthnRequestsSigned attribute MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor_SPID: The AuthnRequestsSigned attribute MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_SPSSODescriptor_SPID: The AuthnRequestsSigned attribute MUST be true
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService_SPID: Only one default AssertionConsumerService MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AssertionConsumerService_SPID: Must be present the default AssertionConsumerService with index = 0
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The index attribute in AttributeConsumigService element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The index attribute in AttributeConsumigService element MUST be >= 0
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The ServiceName element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The ServiceName element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: One or more RequestedAttribute elements MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "spidCode" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "name" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "familyName" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "fiscalNumber" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "gender" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The Name attribute in RequestedAttribute element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: The "dateOfBirth" attribute in RequestedAttribute element MUST be valid
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_AttributeConsumingService_SPID: AttributeConsumigService MUST not contain duplicated RequestedAttribute
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_email: The //ContactPerson/EmailAddress element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_email: The //ContactPerson/EmailAddress element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_email: The //ContactPerson/EmailAddress element MUST be a valid email address
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_phone: The //ContactPerson/TelephoneNumber element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_phone: The //ContactPerson/TelephoneNumber element MUST not contain spaces
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_contactperson_phone: The //ContactPerson/TelephoneNumber element MUST start with "+39"
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: ContactPerson MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: ("Missing contactType in {'contactType': 'other'}: The contactType attribute MUST be present",)
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: The contactType attribute MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: The contactType must be "other"
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_PubPriv: Only one ContactPerson element of contactType "other" MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Extensions_PubPriv: Only one Extensions element inside ContactPerson element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Extensions_PubPriv: Only one Extensions element inside ContactPerson element MUST be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_VATFC: only one VATNumber element must be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_VATFC: The VATNumber element MUST have a value
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_VATFC: The VATNumber element MUST start with a valid ISO3166 Code
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_VATFC: only one FiscalCode element must be present
INFO:spid_sp_test.metadata:SpidSpMetadataCheck.test_Contacts_VATFC: The FiscalCode element MUST have a value
ERROR:spid_sp_test.metadata:SpidSpMetadataCheck.test_extensions_public_private: Missing ContactPerson/Extensions/Public, this element MUST be present
ERROR:spid_sp_test.metadata:Missing ContactPerson/Extensions/Public, this element MUST be present
ERROR:spid_sp_test.metadata:SpidSpMetadataCheck.test_extensions_public_private: The Private element MUST not be present
ERROR:spid_sp_test.metadata:The Private element MUST not be present
INFO:spid_sp_test.authn_request:T e s t a u t h n _ r e q u e s t w i t h s a m l - s c h e m a - p r o t o c o l - 2 . 0 . x s d
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: One AuthnRequest element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The ID attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The ID attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The Version attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The Version attribute MUST be 2.0
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The IssueInstant attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The IssueInstant attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The IssueInstant attribute MUST be a valid UTC string
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The Destination attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The Destination attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The Destination attribute SHOULD be the address to which the request has been sent but can also be the EnityID of IdP (Av. SPID n.11)
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest: The IsPassive attribute MUST not be present - TR pag. 9
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: One Issuer element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The Issuer element MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The Issuer's value MUST be equal to entityID
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The Format attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The Format attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The Format attribute MUST be urn:oasis:names:tc:SAML:2.0:nameid-format:entity
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The NameQualifier attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Issuer: The NameQualifier attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotBefore attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotBefore attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotBefore attribute MUST have avalid UTC string
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotOnOrAfter attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotOnOrAfter attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Conditions: The NotOnOrAfter attribute MUST have avalid UTC string
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RelayState: RelayState MUST not be immediately intelligible
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The Signature element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The SignatureMethod element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The Algorithm attribute MUST be present in SignatureMethod element
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The signature algorithm MUST be valid
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The DigestMethod element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The Algorithm attribute MUST be present in DigestMethod element
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_Signature: The digest algorithm MUST be one of [http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha384, http://www.w3.org/2001/04/xmlenc#sha512]
ERROR:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_xmldsig: AuthnRequest Signature validation failed
ERROR:spid_sp_test.authn_request:AuthnRequest Signature validation failed
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The ForceAuthn attribute MUST be present if SPID level > 1
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The ForceAuthn attribute MUST be true or 1 - TR pag. 8
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AssertionConsumerServiceIndex attribute MUST be equal to an AssertionConsumerService index
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AssertionConsumerServiceIndex attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AssertionConsumerServiceIndex attribute MUST be >= 0
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AttributeConsumingServiceIndex attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AttributeConsumingServiceIndex attribute MUST be >= 0
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_AuthnRequest_SPID: The AttributeConsumingServiceIndex attribute MUST be equal to an AttributeConsumingService index
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_NameIDPolicy: One NameIDPolicy element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_NameIDPolicy: The Format attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_NameIDPolicy: The Format attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_NameIDPolicy: The Format attribute MUST be urn:oasis:names:tc:SAML:2.0:nameid-format:transient
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_NameIDPolicy: The AllowCreate attribute MUST not be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: Only one RequestedAuthnContext element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: The Comparison attribute MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: The Comparison attribute MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: Attribute not valid
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: Only one AuthnContexClassRef element MUST be present
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: The AuthnContexClassRef element MUST have a value
INFO:spid_sp_test.authn_request:SpidSpAuthnReqCheck.test_RequestedAuthnContext: The AuthnContextClassRef element MUST have a valid SPID level
Spid QA: executed 144 tests, 3 failed. 0 warnings.

santesem-links commented 2 years ago

Good afternoon everyone, I have tried everything, I even used a third-party library to generate the request, but no luck: I always get the error at point 34.

I also used the tool --> https://tools.chilkat.io/xmlDsigVerify.cshtml (removing the whitespace as needed and minifying the XML), and I see no problems with either the metadata or the AuthNRequest.


santesem-links commented 2 years ago

Good morning everyone, after updating the spid-sp-test dependency to the latest version (0.9.22), the check passes.