search

lightSAML / SpBundle

SAML2 SP Symfony Bundle based on LightSAML
https://www.lightsaml.com/SP-Bundle/
MIT License
66 stars 70 forks source link

Error Unable to verify Signature when using testshib #26

Closed cedricduffournet closed 7 years ago

cedricduffournet commented 8 years ago

Since yesterday I get an error : "Unable to verify Signature" when using https://idp.testshib.org/idp/shibboleth. I also have this error in demo project : https://github.com/lightSAML/DemoSP

tmilos commented 7 years ago

What does their (testshib) log say? Note that after some time testship forgets about registered SP, so when that happends, and I see it from their log that it's unrecongnised SP, I have to repeat the SP registration process and again upload my metadata, and give it some time to process it. Afterwards it starts working again - they can find me in their sp store. I guess this is the url you can check testshib log https://idp.testshib.org/cgi-bin/idplog.cgi?lines=300&logname=idp-process.log, but to be 100% sure, you should follow the link on their error page, once you get there to login, and they report an error

cedricduffournet commented 7 years ago

Actually I have no error from testshib, the error come from the bundle when trying to verify the signature sent in response. Is the demo working for you ?

tmilos commented 7 years ago

Ah, in that case I would need the whole symfony log from the beginning of the ACS request to it's end, , IDP metadata, and your key pair. Haven't tried it recently, but worked ~6 months ago, it should still be working

cedricduffournet commented 7 years ago

Yes it was working find for me as well. The problem appeared when I posted the issue (20 days ago). You can find information bellow, hope it helps

Metadata

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://odissea-backend-dev.local/app_dev.php/lightsaml/demosp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDyjCCArKgAwIBAgIJANZLMiMszO+tMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE4MzU0NloXDTI1MDkxMDE4MzU0NlowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJANZLMiMszO+tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE0HxNZpi/gSVrkhQ756AgIC25l6A4C6xZ8iAZiBApJcVdUZytBgpzypFSd8yg7Yh5P3ftlDjYEMB/uIvBsKe6HQyUy90VrSi4aaGC/7ilj6DTCX3jeuuH1JnU6sBxhN9IiJRY3DbMzY5KAdtK/1fYlKa6PugXruJWrB3bC1VaFWLjMytnvaEQxjam4bsj1sF0+v6jL3RIQzdW9jJ7Udoul5fGR56A0Uhi0lqObPKI2lIK1psWXLwksdvO9NNt9Vm27QLlklvpYuIh086wLmbiVmO+VQxDYwPmL8NEiLSA4Po/q7n+qV7Vx/EtIKr7lwZ2Micv5Xm0sequAbt3dnqPI=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDyjCCArKgAwIBAgIJANZLMiMszO+tMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREwDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwuY29tMB4XDTE1MDkxMzE4MzU0NloXDTI1MDkxMDE4MzU0NlowTDELMAkGA1UEBhMCUlMxETAPBgNVBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIOYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xuLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2iHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67vsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOAFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3JhZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJANZLMiMszO+tMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE0HxNZpi/gSVrkhQ756AgIC25l6A4C6xZ8iAZiBApJcVdUZytBgpzypFSd8yg7Yh5P3ftlDjYEMB/uIvBsKe6HQyUy90VrSi4aaGC/7ilj6DTCX3jeuuH1JnU6sBxhN9IiJRY3DbMzY5KAdtK/1fYlKa6PugXruJWrB3bC1VaFWLjMytnvaEQxjam4bsj1sF0+v6jL3RIQzdW9jJ7Udoul5fGR56A0Uhi0lqObPKI2lIK1psWXLwksdvO9NNt9Vm27QLlklvpYuIh086wLmbiVmO+VQxDYwPmL8NEiLSA4Po/q7n+qV7Vx/EtIKr7lwZ2Micv5Xm0sequAbt3dnqPI=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://odissea-backend-dev.local/app_dev.php/saml/login_check"/>
  </SPSSODescriptor>
</EntityDescriptor>

Log

> Received message
> Context: { "profile_id": "sso_sp_receive_response", "own_role": "sp", "action": "LightSaml\\Action\\Profile\\Inbound\\Message\\ReceiveMessageAction", "top_context_id": "000000004b3fa1b9000000014059a6f1", "message": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<saml2p:Response xmlns:saml2p=\"urn:oasis:names:tc:SAML:2.0:protocol\" Destination=\"http://odissea-backend-dev.local/app_dev.php/saml/login_check\" ID=\"_a0c037fb1d36be8eb3d47cbbf40d0e18\" InResponseTo=\"_750bccec57232145e075a0ecda02f3e7113aac63ca\" IssueInstant=\"2016-09-20T07:44:11.429Z\" Version=\"2.0\"><saml2:Issuer xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">https://idp.testshib.org/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></saml2p:Status><saml2:EncryptedAssertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Id=\"_3361e1069815574aa0ba8e3068220390\" Type=\"http://www.w3.org/2001/04/xmlenc#Element\"><xenc:EncryptionMethod xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\"/><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><xenc:EncryptedKey xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Id=\"_cf1e7e61eea2e58935a13065a416cff3\"><xenc:EncryptionMethod xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p\"><ds:DigestMethod xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/></xenc:EncryptionMethod><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDyjCCArKgAwIBAgIJANZLMiMszO+tMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREw\nDwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwu\nY29tMB4XDTE1MDkxMzE4MzU0NloXDTI1MDkxMDE4MzU0NlowTDELMAkGA1UEBhMCUlMxETAPBgNV\nBAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20w\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/\nWnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIO\nYr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xu\nLUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2i\nHhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67v\nsXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOA\nFHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3Jh\nZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJANZLMiMszO+t\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE0HxNZpi/gSVrkhQ756AgIC25l6A4C6\nxZ8iAZiBApJcVdUZytBgpzypFSd8yg7Yh5P3ftlDjYEMB/uIvBsKe6HQyUy90VrSi4aaGC/7ilj6\nDTCX3jeuuH1JnU6sBxhN9IiJRY3DbMzY5KAdtK/1fYlKa6PugXruJWrB3bC1VaFWLjMytnvaEQxj\nam4bsj1sF0+v6jL3RIQzdW9jJ7Udoul5fGR56A0Uhi0lqObPKI2lIK1psWXLwksdvO9NNt9Vm27Q\nLlklvpYuIh086wLmbiVmO+VQxDYwPmL8NEiLSA4Po/q7n+qV7Vx/EtIKr7lwZ2Micv5Xm0sequAb\nt3dnqPI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><xenc:CipherData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><xenc:CipherValue>ASHg5nlMS6iu2F+vyzCh3Z33+Eq4JVn5VOKtLDdOS1JY+MPU0Tl3BTiSo+GLrGU5a+ixjOBd+3JMYAerjoz/ma26M4yuCYdilDpYbcVjI4Oywqu5+BD1Xse6agdZm/ceBi8cSDRe/5RtUHCTCpPIaloitmCZsGVPSNpn7LaNST4IRfWi1q0FRGYjO6y/3NQMTL418YudS93RSPi5+QKq7PuSwgEp8phk/g88QSQHWIiNVfcAW4LoaZQo9UGeE7T/x0qrKUBHqks1FfytcDwIXM4ibDWwVu6VK0wHWoZ06w2AHY09IM+oPKkuctR20Xq1T7vb7N3l7XCa104Yg7CUQg==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\"><xenc:CipherValue>3AY/dDLYyZZLxabWpWfqwu/pJlYd2vCHXYi351t9fs4f+Nbmvx+LsAyAqm6sQteriAjnuXZQjeyEW9x9JGEexRy5esi+87jRVwH/w2ojdG9vso+WbQWfJjDw4LVhVZsLs5oC3eeJ+79sixxPbLxNEF8Lv+IPJno06jBiiBnnBqOPkZrJGdNLfCGPI4eOlfp20nD/AQuib+jmuwyePXY+ZPFj2cs5An54tXrPBNTzwJVpOrim77O8tP+Jfzhan6HSu4qs7uEMz9hFTyJ47p6lKi5sZPuQLxby19xBXpHeR36QD5+NQZcUA9Yj0KXsSh9e9+5yy/fVdXo5h1XGQpJUDelXpPVy50BBqQIUJy9yIa4glNPNHJdOSFhjdTLvaZGl9774vJQhHfGyWzwwPh5pCVufrJO/BCcw6ye3bP/8B6GWkgLdy1+pR8IRymZmoVudFWL+cOoZV99M7UDDLxMw3VCCHx6V41N89Xv6mGx9rF77f0kqRn4nkT2WppQV12c9fBE7Qn+9onsglWsftpFLP9A7N6BTujEZT6y+fzf0kX5mUkhh1QT2IMoXK3LPaO2y1ZkhgXyEcLbQ24NuQAdIjAXiodqfJQHQ8AqZKRbxz8g9QukznfmQyyD1nt7OuaIgUsPSPba2bJiJpJUTtnzO7/2lpXeyCCkh4fuVCJPm6WWpl3GrzeXaqMzSYxKBKANjonlJsBugFaAWHWuhhm9Mm7PhRR2E2Y3qAgOkWk40NBBm2xjbaPhsu8Cra8vVfmYPvK+Da3cTc29/YGzlezjLDyefaPAGzwOiWuLoo5t7oVknUUjoDEIkXqaSjJ7L3vrvXK6tXs/rN6L69B5XYqPiMfaPINy5O1LcaWSUiCCR6jnJML1szvcRb5V5OxGjYGig5YoTK1YMmjOMazvR+1ry72XuuL8cFP+O4kM4pexqEVGntis0+qbNlkitGTLgeGtlE1pfeuJHyaQOaj4S9T6R1fFwK0ZHIQAZqaiX35vdijC/AbWDkbWUVAx80syumiH+/hOitq3fZIcsgoMyQyhxeI3xDPCENg1BtguHMryUslvkrr3qEOIZMrh9xBwjNl6S51d0RHSF9/WTrbAFeD7UfiHUc6jXk/9xj2XC8ZjmVNHqY+wgUv+dCSxdSU4UFRkn/x6W6bjUhIza4g12zN3DFL/dnGU11MF/EuDNr2Z0FtajfndB17liqDFx3brKoyiHWar2rMciNvIv4yGwkZ69eNyo/rkoXfivgfruIqTV9UM4g/3JHAFvs2CSGlSuAgSSEDK8nyUVicSXHlzZPJQxWCGKVbk5HKQYTlJ5FGtKvmTGnexS4/Ndmr/gF+n7Pab5kbynupcnVgvHxp15TiwIGsLeOBgB+cf2/AwlSTClHFqpFSFTHDDksO8PeWMTjrGFd0Q6zI4Lf2I4NIfoc5jxkgCRTsOckyuZcYBlSFHr+FgDQhbFTevho7A5xeydznwsRZxs+5hQrGuhzEsb9qq2pn/RKYjlCvmlJG2wVDX0x0q2nbxxxZQfyq+dBh2cDCsb70zccHLO+Ynku7WKoTt2JAUnhQqoUPwphzmZRudWk3o5rj2F0rro0QFe1EI+xT1rHu4vIjPe8GFOIML6sqoy5YnYo/rnKcpHSvG1w/WqkZuEaeB2aBysnylLO4rUrcmOWffEzpHjiXRGnV8TJnlf0W7lMGatl4HMV2pOCm2snFaO8Lsp/f3Y66C1uUQCtTRZgfmGx/J/UXSfzrqbSSey5GF6YCviKujrjoxd7JJmhWtFejTfOqwuevMyBaxVgIxg9IyFSUMk4RPz8H5Qxx4/rjNku8GOgM9qeecEy5NVaViYO8Q4okkMgaKbnBw4S26SitVWcztYD7QaBxMs4clq5hZxS/2DwGKtvamdq7HGVVQyHeAB4NRQE70j3NO7S8dHRStcve6lKZaEwk14LQCfy/5AzubprnjJVEFuSUNeYxWTJ3Y80Y0ebySr+BW2p/N7hZ+ffmLyjtCXVDa3nXoaI7qBmtEppigZSQHV6F/2rB7yl6UXKlMJBj06JnSWoQiTeY83lpn/B9izvnMYy3IVbfjju4Y5KmJlyN8CPXnGTupm8OP6N6pWJ3R3ZTlLpbb127dx0tpR6RVAKHPI09D0UjuXb/y5CUgGh4pumzaCv4ubxOf5Bz9hxspJKpsylIJ4iZ6vI/YYMB5DmezKr4jaDwxkdy/sSk97gLMVibmyAT5ofI9cJiEc2LxswwAgeWM7F9gtP26EIHz1eMhcrk8t872o/9phfc4L05yqVvFDNhfpNonF+aJ5AtpzlK8TrdCnwEUd/LbAPFYK9x31rYNcRCFc0Y8ZC2i8Epp2PDjeTMPSBdjRLuTLpjGnuclmugCrumjR1evtRm7Nh01bndVLYHbzG0YhQO2mMYRvvWuczxC42ob/UcEt4eFwibv7Lmey1JzXjT9bMsN8tTSeDjf3ZAGPDqN9xyN2vg/iWHvEWJWgW6zrry29K4kLvXq/dAsmTiJpDnvIqkG1mMsSO48917Qi0/iL0Kwt1+FagdtHnzkWiJnZa3rgd4/HSE74v5lyZiNHOZV9REEn3dU0Oq9gy20J3wuqt/eDx53ycZueMxl4je4wDWA09eOl9yWso7jQCZrzK/4KBOWe5e5yiO34kXUDiqQNEJcIdFVpyll/ZLk8ThtTXiKQ00rv+quErEkzWruIM1DwQmrqgiFe1L6jBfNneiAj/yzwKeMHh9OgNYPJfkwD4GmDkaaSpbQgB3k6axhoDQQ7JWZDiYQIbC7pnMrIsTwjDBVNQjIWAlFysYXEiYxyV8Ubf9WlPBOt6bx9GWC9b+TwZBWrIJUHWZix5n5FT3xfrokPzX6VyrODwXZzKFrjPxASj3ELixPQ2xXuQYhl6pS/qwQYVxO914W/hcEWSD3VGPzUYD0SD8aYA6T5/Ed2IwrE2YqMQvfS0jGJm3r/G/Pg78KOo1soHckkPE+m3xcRMKo9vAdLdR1Rz3JlV2i2HkHO+TmYlKpD741Tlfs8ZVI0GwuCq/VPaoMLRw7fAOWeSmGp+tROtEaQyXUCQ+fLTDYZ7ugO5kIXFC9hfR4yYQNmHO3SqOhrfP8A+E4rJOiqp50Txqux1t5KsxdYteniUZFdafoxrU5BxaiTY0eBDlS5FLUBDf6nTzSlxaT8v39gHU5xj5xkHfEKDwmGd8BBUdl0ykAhCYvf5bm650X/P/wVjpJbpgDH2XQY+5s3qflUxyr+XH8aDshXqZyjaCv3MMiOax37Sm09UC/46N68NUaXG3PwBXcxK0ks9zB11IW8srEwpTlVSt1lb1onE0zYd1neLuNXtyL9UPXck36exPXz1A90A+44UkHno3UhujQtq3APJOeskMGdA8j2k5Kzzv6jwpi4BHxaOibX3p9l43SfPbt+DNzEdNtakqkbs/RY4oPRRr/A/8zLg+CQNz9GUNOcO2Ua6ShQajFLkkC4Bkr8EiU4Zi1RpRZFl3edKBlskTnr5C+2EfzCASw1z/oEhkkJqeol9N+QQsGI5AHh0BmLV61JJW3mFHC7rqEPded+HtvuiU7G+5vecePBvmlegeTsqrUJK0c8CYzQPx40e+hnGS4WYG0v0Gy+rQuHPT9SiLN1YBC7zt5QdPcZcwIyAf6ScPhg1zqmNS4tH5YVuTm4CwzD+7D+SZ/+4VHdMss8cx/VORZJRrWz/y//gXdcqVk6EWIyrj2ig7er0CJtGVtITAvP3pjeK5RXO/DULoldWZbApp0rER5Hn5UFVZyzD5CPOTLseFxhmQPaEqrKMg7bCDw/8RGNyawYAFu4LB6a/7/cFkZ/wxPcVcTe7lI0d95kIG1nif09qrDqqlImjOTppH7XQ0qf8tmEOKOmmn3K7Ww6Z7LgazIWaFF/OGbzbcchRtNaqGwhS+mLF5tIDvgdvUfy8VKpNdPo1/KVOotf91dew57tUSN5fterC24Kt4px2yKXOhBrNuurXxTRcqjzkyG6LOpm5t6Dy4Jl05A9ocSMwtRotim4EPZXXiiJeIraTP5PhhtlF8zc4UL4h+3GYJRml49ch3qotJFBI1Z05h8mMNa/jYx43cJYTAeDOIX7r6gVHQGy4pPasz8M6egmbd1GRd/O8CSUJ/5c7QVoKH+E5JaxL+mrUVq1emiMds1C36Z2j/VdLS8ll/XdgPeyavcVDTCmdSLy+SDJtwkquK8ZPmeGnhbyTXkvltqKaJoqRD1DG/JLo10v/G/ej8whJinkPfhp1Smp3rnP3pdKx2FZSTQxJQb+hY0zBJcszh63Y6HFTts2hKcqfR9dn594Zrzy1FM/RaCqThv+0zk1T5NyYOatM59iHtAS1xLM0vbroFs+5cm20SA3ebHZtgjRq0YFW7B8G52U0aQw/7Q3jtozr3V9iaTxro+DuIq4q5CCaq3CnclMKQqC230rxtlEJJf2Sb9L4WFXmq3S73hGqM9J1Oii/N8tXufsL4Pl2IrZFuZSYncFdN5E7Iu5AstewEVBahSl9PUvxX0CIykK8fjqwzqG0a7kWZ9VXIeHKUkDxyK9I0TknPSkqMBP0hAcRxTwVjYdLehLCyT1ZOBDMF3DKn46OOJSCQ7lDcOiscaUarxmVs+Eb4ReM9PfBhBfT06Y+tBazDyuXpmFQUghaKCxJXeU6Aw79LZvUC7bFj2SSCMYh9sXF84x1RCvFUxXVhOeMJ794j3lWvGfJSZhlHrU4wkzrjN3pQZ9aAo/vNypYDSgOiRFgGZ660UJDTWShQx8Fxwh++uRzBmnhv78bDzmPrHUti7Wjua6+kolmaGksB+Cwyf9X5IWF1ZUJ2xV+oaMA4dayy8UiwY7AwW1yVFGzwd4NAi8vUGMO2R5KOc6QiilGqrnvMDqnqKmZKaM91L3x5l41nGLQzoRW0FFl0UIMiO9UCxM1vKcOHmnuJmhIVryFxQpXjsaWykYOqMlU2RpMixEtibt8FkHXgtvnIRc1iDvlB5crGN4RpblHYPwfqKGMVtrJIzGtYXj8d0G24O0aQEaogL7SvvZ0usyPa2c+xba4m1ZOpim5bIhtmONHVvKLyvKON/Vg+UcA+HPpGJfMSDiKZaZjVhEVFeAGA6iqkUxoy6Q6O/crdB9pm/zfe+q+wdLGNJvPCEJOQC9LddT8s7dGcnjkTD7rw8gcFEF1bNDuzwW2uV4zIUpR0OrZpaoHLY1owFq4GlanWF1Chj7hfJTatv35Vl1o5fcorvZSpbCEcxlhBRd7k2uhhmAMCMm0/tZoIXdUWSqtG/koOtboRI70i30aAJSeBDdPPrNGb4Hj7rJKSFcKHGRgrV7ctFgvhWOdt30CwwrYE6bD+0MsuC6MVmL8XV65Jwuyj1uf+KIndi/nc1s/e6mF9c9tzRVp5fTWE0x7f5+0cQ1fe4bsgDSSFyItJ1cVRiFl8PQYTf0Qe74+QGSH53OIz0RYHMEoowVaIq+Hr7mTcEJFHl1zGtsANC9WQsO1VlQe5H69TTReG7EYs3jx0cUfRW0EgJ6ELYE2dBmzkXkj1xV8oinEAE64yMJl+NxKyU1iEE85Soyd8uVCjpGp0LMud0SH1XyBQ/+A0HGj+C0phBVVWHp0WNurf+xxxRA5w2+Xf26R4dpFbMvW/UKled6NzM6wGOzlsHvwYWYIoYbIyQ6aHmqoeMoFchRC1jT1UEpAfkD+vpkfz8aTlojshFI07YrqSO8IjOx/yBwq41PY3sYsJEKB0QZdJWBZfQfu67HLXOLmrZBPtcd98M4ZDM1npK+DklFV6OpB90Z3LfVq3ijuEsJqmKfu8Ve/3PcDoKCWIx2WnauxbyjRUfGculZ8vWf4v2Pqh+GuxhyM3832U4xOIYHO109LRgC0m51cmdVh8BbouwW4TObdPdz0lPUCjzDIYt7YmtAP05S0Tpx1FSTWfR60porGGYtOrI4Ldd9mbQRbWTQC+nMBGRbv7jXn6nN0kwK/7YqpvLwDrTzd14ArGWiRpnQ4ZvuZxT6Q1cVCWWj9oRXwvaYdN9HEZw3MHoc5Yubk6WwQlLtFR9kE3LAm03z2zMkWZmy6hupa/TGXjI2V3NYcYghfuVLVm3I/5MAckRA6lXLSrmbjA59VpL9QyDduN3g6m7Cst5RP6bmHEf+r3el3n9nvl+Y8k/V8XRTcnWJuXCx4gaQ1CBlaHU6IsYZ8AgK4Ev/4uWvJpxBJyCZVFbH2NqeFKZAsAaWY0txUY+IT/nmzNql9cji8dLOQTttnjRzdqt5nZUo3fCjb5B4iFRgXPbZkrVY/btcojq4nvSnRl7TSqeXqGSSPcijBRN8UB03/+LXdZrlFxodkcWE+QrbG4B8f6M4QOTCO8dYr8LJdrw26sw4eFsMn5lO41fTjVlspW4DjhvQKTwFifB6U70HmDx2fqxNY7qscX4SZBa3HetvBhI/UwWjOY8iO+8mXEdMu3syXLPWTJyabvv0FOnPXG7smVgwJbUPZWz4RAoVxEVzdO7tSqplarO7xZcrqV8HwPZ5MbdSwZxQQEruEODMCAHHdxihCZx533ISpyB8QCFttuWfQUeZ//5VFtrA03CxrNz8MU+7namEZBqo901rVTVtETnnKu8KJDyfITrv78Y6ORAt2kF6LfQ66Dv0zJtRLRcLM5JSxiFZTEwrEBKqV6AiED3A56ExQpzx+0JQpRauThiSB1zffzmchFtu2uBvVeVJDkq8ajm9JdXukeTyoK5p5nsQJXdA9wXbTAhunTP9PoUo+yqt3MOyOidl4FeKCvgVjQ2HBzkIqkhpcqoD2Xbf4mW3rfVSabX9JDy3z7F3CqnBwJoPfwOIQnQbvhpkfeOeION5BclKl2kYJn71bC1p+MtzeTnGJdRLIeC2KdCPD/+uHemCy+DudNXcUrhPab/r3S/q2A5LpncHHqIbpU0XHOQc4H6Gjg+OBp3xHBZPp0PFtqCzgnBIMICAY3Qram6yNUB1c//qnO7qABkt37mY5Ypf+0UN4i9iOm3yd6XzuKKIxlOnXtcaa5/JLAqsGiLAMhz3EILlIYDvdcoYLWVEowEEThQnabXArh8cA41RWT9zebMbBMHyBppTFLhLYuE20Ui63xt+iG4AOW1mCWOJvPQ3+H8haQwtCofNvubKyl1S055KkdpudEpuGW22BNOKDBVbV5k3PZrfgIeMvcYsmA91EH2rpzGX5TZFfntCOsGKKuSE7p0KO1Hsy+JR59nivTPNIaIC5LHTN9357mKlmQHNLBhCfzzR/IjOvGTRSuHcK7k1dk7gGyk0I9BXTFxulcoyNCViUtylYnfiycKoG5J1lcXR1HLtw4/xUCxnz3lHbWdHZhBsrE2HyWNPnw21h6C/R5J0zKm6wGjpLCciPM1OUqWON/yvBGrSi5AZBAj/tiySNOiMFgyD8nruv1BZXuRzxPA3Xk8SzunCg8O1hUqTvi/Re8qJKCAIrV7sIhWgoBg2ejKLl9X4VpgyVjQQNzvv7c+3C6mOoWvV2eX5SZZFFHgo/AwCuKojORK1qLMzRtz/z3R1Pp84qiXi/ctQ2yQiT1stZLkAoxBNEFnyAwaRqxSuC1xN4V50bCes2SSo1FbRdi62xti5rVvfQiwomwh+ti1QKCMHLDqg6Y3sVNNaCgEdNFANtKTaZD246M2h3X9rVtgtyCf4OL75f6uuT9xBvQL7xhPN/8heQm6Y0rRvh3rt45tzFAVt+DozblnF/dyaJRcpzql3D9LvnWZw9sLALwSLN+KOcib/CdHtHNk/ewDXpEFIxy3QwgOBAjdVvXboVCsZTYJrMrTRPunpRcxbG6ZuaFQAbCDNqgZoPL6GThJkJPe1zIZhC0bQrFAW2lf6J7oganJ3QkamSeiC1d34ncW9SKRbsCb/T7TnWg+G6/kVk/WMNweneokbYay7Rmw2208oEld8vAeCiCWcxT3ZSEi7eOYegO8R5c+rug0RkDUDv4tQDnPZ9+bME9D3xiPatTxBk2DKR4Q1rdWvG8U5xnHlGMK9MKjC7vE9WL3jXP/MCNopErNk+/wYUfG9KKnKzZEPUXaU5Tf/53pXDx3tTIYqbJbPyiEUT2tvdEcs7hWG6ugxskJbSUwJdg2VaLMczS+uFy6n+bNQqRvVDKC2/xMl9vqRNkaaynstAJEyECVuppdOsRJYEqCTRqk86AWX/o4UUKpbmctVzjKT40wuvkQk54E9mwClvj9ylvLsXoJpKHwJ9zUzcqRbt3sggnsyL9GUsoBxC55f7uGCMne+ABbjGclqPnujZ8IPdqAiCz0hf1zM0SgEXP04jkkS+FecYKxyps1InWWj5IwcWKjQD7iSdALNXsOtscDfbW4bEEd9Nx2QfFDrHEUrGImiCrolijtLh+mz+vPL5fOVFsI9+4Uecrxugg6G2k+U793flaEogbqFVVKroO4IyF3YlwBZxBSzFdSuj0soVyJTgPKeikz9pgZf4Bc1+VQ4Cq47EDwaVh04Churt06ct+GHQNbB3Ke2ebYBRkOQnDBjNz60y2FyaD3VZ08zgPD3tW0cmiP5V4lKFEMnAETM3GWCvSB1++gwCSWr0WAjWHpb3FxYaRfZF6jGF20WOwXzps/M+sQmF8sUC/VL44g6jnDoJLBQN2H2VwtQU4CywRykk49swjnM05CYTjSJuFsUkWOdb5xzQ823DeoZUEnPoS0dEfQh+m0BPtAyDzGhhpmtcbN4g4T9AIVO6Zz8ZqUlSF1XPho8SXhFWZgEbVcQQjcQQ+E4XTjpxKGJgcpuBBjrlEqyf1ifxLI3bD80fgEVh9BhqwKUNRFe32seSuCoezCjzwawR7L5ZkuaThCz8e4q4E8I/2e1Ds+6nN9E8OFWAau4oulG9gXKSH3cni07+O7JWP2Mv6u+/JE0nfWBsOdihA3rm+EGSB34MQ1sGTQjvGgd8Gw+meiMbR2OL/vbjc9E00OuebZcPuUbI6CburVW6EUq50qLVEQG5B18ykkEivvpBRmbMXxjZt1Hd6FBcAwpmPMCpDis/OtRbvWIjNVPJt7CSHuagmch8kRKANzKea1pCiuhDHag3OLek+fgGtc5dSmXiUINRqyL/TsUKM/N3ADVsmIj3soVSFsI/IUkBsYym1Q26BhCk1b9EE4Mg9wymmgYu+lh8FrAEZkhFRHE54bSq0T5ER9C5Mv6y0UEoTzyZMGj2wSIGu3kUEkLwT4AFvFIYLaAi5RjngY35DoK4eg3A8wPN8df+Wppn4Da8YHArhgi/lJlbEJNRcp2lykfOC/p7s9lMQeAhel3aWrSQ9qa/8wY9ZLMHZEn1GLget9ofJyCKRlI5gO5paWq9okjM2szt/8/25rtp0Ws7ZcO3yOAfjKMKvZKZT+EcY9cBBZfwZLcx7QbE/Db+eLt7cAQPy774aYYgKqdCo1N9OoB5qYQaC1RNtS2CrDoann1qWHAVH68RX1E640TqPB5eseEMzhiB9fKjOq1LlWxx8E95Dr2WoyMdPSxM73bk9cv1ck8L+Rz5nTwh6XgXmqZXK94jiL6U3mV9TlJhcqQ9TYB1C31R5g6myfDC67M7P+wYPgmbTsbeRHu0cowfeg0nxH7juKuGQUkhLeCjyLnnnsrruHetdw1hSKVE14uyZcexgQDSCrDidLNx1vgTAu9IGHIUtMiYOyDuTPt52GeutOG4l9kd74bvf3bscvIqZPGfjsnHboAfF8RcRnfrg40gs3+ZAFAUKpn2Ia2sCmErS1aV6sYhbLqR+CddHkgWbLUKulP6FjIYAu+imItCOm0yvUYPL51oMKKnqRSZZvC0gRhWaQ8Zm1gVVaeJ8LYDceWwvv/R2P/kFqE2psT/Ul0t2H7VKrBTvxxRW/Tvnu7+uhOjjayTGcPZW9QTs4mA3q41Da5tMqpK8w+9UkdRKV42llK</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml2:EncryptedAssertion></saml2p:Response>\n" }

> Trusted decryption candidates
> Context: { "profile_id": "sso_sp_receive_response", "own_role": "sp", "action": "LightSaml\\Action\\Profile\\Inbound\\Response\\DecryptAssertionsAction", "top_context_id": "000000004b3fa1b9000000014059a6f1", "credentials":["Entity: 'http://odissea-backend-dev.local/app_dev.php/lightsaml/demosp'; PK X509 Thumb: '5a6543ac50f3d608b3a3964c15986c8041c3745e'"]}

> Assertion decrypted
> Context: { "profile_id": "sso_sp_receive_response", "own_role": "sp", "action": "LightSaml\\Action\\Profile\\Inbound\\Response\\DecryptAssertionsAction", "top_context_id": "000000004b3fa1b9000000014059a6f1", "assertion": "<?xml version=\"1.0\"?>\n<root xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" ID=\"_6184703be250de48d7b97f2e6a91f93a\" IssueInstant=\"2016-09-20T07:44:11.429Z\" Version=\"2.0\"><saml2:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">https://idp.testshib.org/idp/shibboleth</saml2:Issuer><ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/><ds:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><ds:Reference URI=\"#_6184703be250de48d7b97f2e6a91f93a\"><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/><ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"><ec:InclusiveNamespaces xmlns:ec=\"http://www.w3.org/2001/10/xml-exc-c14n#\" PrefixList=\"xs\"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><ds:DigestValue>Tdxw+ShirqszubUbAE4mJqNqDNPDpnv0fa4uPMU2VZ4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Ry39TIrwFCb83URZrxdU/314SRPx+R0aaH6FBejPFFOJMRZxhIwoV3G7oBbeAPtrVeW3ieL92ecgWYlOeDzOqMHtYTxFa7tcn9TiS+vx2BRGZK8+HJ54mU7qt0iPnIA3LSlAhPZmHcuO1Xm0U9guA7fxHA+ur5576QbFuXjmePrcpuxSPIJvpiekija61MiEovWi52I/LNVdnHmRS621oASN8wRp9dkwdhc+52EeA9QIVAiXULvElaXuD42kU6A7OLEOMdsx/TcwioxoyKk7owx10debLtzPkLmMAZ9eeIkjdjPQjUw7mUqLtRK2+xnFNmYZCUht/yeD+DW2MZ2svA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEBCwUAMBsxGTAX\nBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0WhcNMzYwODIzMjEyMDU0WjAb\nMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAg9C4J2DiRTEhJAWzPt1S3ryhm3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+\nYmjqJAII4ShMGNEmlGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6Dd\nzdBnxoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB3ObaX0CM\nqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTHot6a2cj/pXlRJIgPsrL/\n4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQIDAQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mP\ni24x09yWp1OFXmZ2GPswGwYDVR0RBBQwEoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsF\nAAOCAQEASKKgqTxhqBzROZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASd\nlJtt+8QPdRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS80u5\nlrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOTMVr3zgfjP6Wh2dt+\n2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhORkWPlFYwp+zOyOIR+3m1+pqWFpn0\neT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqXMLRKhDgdmA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:transient\" NameQualifier=\"https://idp.testshib.org/idp/shibboleth\">_0f52bef932200cd4eb1b7751bd67c487</saml2:NameID><saml2:SubjectConfirmation Method=\"urn:oasis:names:tc:SAML:2.0:cm:bearer\"><saml2:SubjectConfirmationData Address=\"83.56.35.27\" InResponseTo=\"_750bccec57232145e075a0ecda02f3e7113aac63ca\" NotOnOrAfter=\"2016-09-20T07:49:11.429Z\" Recipient=\"http://odissea-backend-dev.local/app_dev.php/saml/login_check\"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore=\"2016-09-20T07:44:11.429Z\" NotOnOrAfter=\"2016-09-20T07:49:11.429Z\"><saml2:AudienceRestriction><saml2:Audience>http://odissea-backend-dev.local/app_dev.php/lightsaml/demosp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant=\"2016-09-20T07:44:10.594Z\" SessionIndex=\"_8f33d95e4fddc4ea4ea428a9300c6cf3\"><saml2:SubjectLocality Address=\"83.56.35.27\"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute FriendlyName=\"uid\" Name=\"urn:oid:0.9.2342.19200300.100.1.1\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">myself</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"eduPersonAffiliation\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.1\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Member</saml2:AttributeValue><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Staff</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"eduPersonPrincipalName\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.6\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">myself@testshib.org</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"sn\" Name=\"urn:oid:2.5.4.4\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">And I</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"eduPersonScopedAffiliation\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.9\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Member@testshib.org</saml2:AttributeValue><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Staff@testshib.org</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"givenName\" Name=\"urn:oid:2.5.4.42\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Me Myself</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"eduPersonEntitlement\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.7\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"cn\" Name=\"urn:oid:2.5.4.3\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Me Myself And I</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"eduPersonTargetedID\" Name=\"urn:oid:1.3.6.1.4.1.5923.1.1.1.10\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue><saml2:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\" NameQualifier=\"https://idp.testshib.org/idp/shibboleth\" SPNameQualifier=\"http://odissea-backend-dev.local/app_dev.php/lightsaml/demosp\">gWslHltAsP48imCnmlYKWW4w0us=</saml2:NameID></saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"telephoneNumber\" Name=\"urn:oid:2.5.4.20\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">555-5555</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></root>\n" }

> CRITICAL
> 09:44:11
> request   Uncaught PHP Exception LightSaml\Error\LightSamlSecurityException: "Unable to verify Signature" at /opt/local/www/odissea-backend-dev/vendor/lightsaml/lightsaml/src/LightSaml/Model/XmlDSig/SignatureXmlReader.php line 83
> Context: { "exception": "Object(LightSaml\\Error\\LightSamlSecurityException)" }
tmilos commented 7 years ago

Maybe they changed their certificate... try updating IDP metadata... Will check data you posted and try it myself some time later

cedricduffournet commented 7 years ago

You are right, their certificate has changed, I made a PR with new TestShib providers' metadata. Thank you for you help

tmilos commented 7 years ago

Have merged https://github.com/lightSAML/lightSAML/pull/45. Closing the issue