lawrencepit / ruby-saml-idp

SAML Identity Provider library in ruby
MIT License
137 stars 102 forks

I get the error: Zlib::DataError at /saml/auth invalid code lengths set #27

Closed dsolano-gap closed 7 years ago

dsolano-gap commented 7 years ago

For some reason I'm getting this error:

Zlib::DataError at /saml/auth
invalid code lengths set

I generated my own certificates and I'm testing it locally. When I send the request it fails here: `@saml_request = zstream.inflate(Base64.decode64(saml_request))`, exactly on the `inflate` method; the `decode64` works fine and I can read the XML perfectly:

<samlp:AuthnRequest AssertionConsumerServiceURL='https://localhost:9001/v/callback' 
Destination='http://localhost:3000/saml/auth' ID='_79a0007-7a33-4660-aa5c-06352b3b0008' 
IssueInstant='2017-08-03T20:28:11Z' ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' 
Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' 
xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'><saml:Issuer>http://localhost:9001/</saml:Issuer>
<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:SignedInfo><ds:CanonicalizationMethod 
Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/><ds:SignatureMethod Algorithm='http://www.w3.org
/2000/09/xmldsig#rsa-sha1'/><ds:Reference URI='#_79a06347-7a33-4880-aa5c-06352b3b6638'>
<ds:Transforms><ds:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'
/><ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'><ec:InclusiveNamespaces 
PrefixList='#default samlp saml ds xs xsi md' xmlns:ec='http://www.w3.org/2001/10/xml-exc-c14n#'
/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1'
/><ds:DigestValue>Da5OtETbfjtPr1gR570a6/rhqjQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>0gLy8U3EAHJg
/drpr0Vq49ZzsomJ8z+QtrXPkBKCmFLCKyIjlVOYA8Ugq8+7UBH3kWzWz
/TnLGJbU7TNwZTkJQI3bk9Lyppc+6JPBMFP7oknxi8S2YFXd6WWkxVU0EEBhNLBnHIUrVnYGex3C6FYe
TrgFyscUmrz+099kgpWqso=</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>MIICATCCAWoCCQDC8zSdppoKyjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQ
GEwJBVTETMBEGA1UECAKJADKAJSHDAJL0ZTEhXXXXXXCgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgT
HRkMB4X0IFdpZGdpdHMgUHR5IEx0ZDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3SuvHf2+80PK9ePk9D3LAKJSDHALSKJDAHLSKJDH7B5VQjtP
/rwsTsnKv0Lk322mvNq89NQtXXXXXXNdkod9MF6A21
/myhxscLiUmcuaY1rtj0J59uIKysuFBWFqIn0Tx0XhvALKSJDHALKJSDHLAKJDHAJADHLKC7YpJvzkCAwEA
ATANBgkqhkiG9w0BAQsFAAOLAKJSDHWUOIQWmmBK375Q6qTY7pWTHbZijndHyv
/MwQpqAwX/Ng0249D8nWLg3V+ui/hAdHBUaXgMaW4YNyM0mZbjT4qfpSjSj/hmsesHU
/zm0FLw1McpchzZI8Rx04CIQJsXPoeaOEALKNCASA1twTR6q9GkYEAB9NEkfg==
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:NameIDPolicy 
AllowCreate='true' Format='urn:oasis:names:tc:SAML:2.0:nameid-format:transient'/></samlp:AuthnRequest>
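
Added example, not part of the original issue and not ruby-saml-idp's own code: in the report above Base64-decoding alone already yields readable XML, so that payload was never deflated, which is how the SAML HTTP-POST binding encodes `SAMLRequest`; raw DEFLATE is applied only under HTTP-Redirect, and inflating plain XML makes zlib read the leading `<` as a compressed block header. The sketch decodes per binding and caps the inflated size; `decode_saml_request`, `inflate_capped`, `MAX_SAML_BYTES`, the `saml_binding` argument and the sample values are assumptions made for illustration.

```ruby
require 'zlib'
require 'base64'

# Assumed limit; bounds memory if a request turns out to be a decompression bomb.
MAX_SAML_BYTES = 64 * 1024

# Hypothetical helper, not part of ruby-saml-idp.
# saml_binding is :redirect (HTTP-Redirect: Base64 of raw DEFLATE) or
# :post (HTTP-POST: Base64 of the XML itself, never deflated).
def decode_saml_request(param, saml_binding)
  raw = Base64.decode64(param)
  raise ArgumentError, 'SAMLRequest too large' if raw.bytesize > MAX_SAML_BYTES

  xml = saml_binding == :redirect ? inflate_capped(raw) : raw
  raise ArgumentError, 'SAMLRequest is not XML' unless xml.lstrip.start_with?('<')

  xml
end

# Raw DEFLATE (RFC 1951, no zlib header), hence the negative window bits.
def inflate_capped(deflated)
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  # The block form yields output in chunks, so the cap is enforced while inflating.
  zstream.inflate(deflated) do |chunk|
    out << chunk
    raise ArgumentError, 'inflated SAMLRequest too large' if out.bytesize > MAX_SAML_BYTES
  end
  out
rescue Zlib::Error => e
  # Covers Zlib::DataError such as "invalid code lengths set".
  raise ArgumentError, "SAMLRequest is not valid DEFLATE: #{e.message}"
ensure
  zstream&.close
end

# Constructed sample, not the request from the post.
SAMPLE_XML = "<samlp:AuthnRequest ID='_constructed' Version='2.0'/>"
POST_PARAM = Base64.strict_encode64(SAMPLE_XML)
REDIRECT_PARAM = Base64.strict_encode64(
  Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS).deflate(SAMPLE_XML, Zlib::FINISH)
)
```

Treating `POST_PARAM` as `:redirect` raises `ArgumentError` wrapping the zlib error, while each parameter decoded under its own binding returns `SAMPLE_XML`.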