Open AntoineLemaire opened 4 years ago
I'm trying to configure https://samltest.id/ to test my app
So I configured the symfony-bridge:
```yaml
light_saml_symfony_bridge:
    own:
        entity_id: "http://my_domain.loc"
        entity_descriptor_provider:
            id: my_entity_descriptor
        credentials:
            -
                certificate: '%saml.certificate%'
                key: '%saml.key%'
                password: ~
    party:
        idp:
            files:
                - '%kernel.root_dir%/../src/App/Resources/metadata/samltest_metadata.xml'
    store:
        id_state: id_store
```
The samltest_metadata.xml has been downloaded from https://samltest.id/saml/idp
For certificate & key, I tried to generate some with openSSL:

```sh
openssl req -new -x509 -days 365 -nodes -sha256 -out saml.crt -keyout saml.pem
```
But I don't get what metadata I should upload to https://samltest.id/upload.php to be able to test it.
I tried that :
```xml
<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://my_domain.loc">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <AssertionConsumerService index="0" isDefault="false" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://my_domain.loc/saml/login_check"/>
    </SPSSODescriptor>
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>{{ ..MY_CERTIFICATE.. }}</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://my_domain.loc"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://my_domain.loc"/>
    </IDPSSODescriptor>
</EntityDescriptor>
```
I'm well redirected to samltest.id for login, but when I come back to my application, I got an error: Assertions must be signed - LightSamlContextException

Does someone know what I did wrong? Thanks for helping
FYI: I did get the flow working with https://capriza.github.io/samling/samling.html, but not with https://samltest.id/ or https://stubidp.sustainsys.com/
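The error concerns unsigned assertions, so one thing to inspect is what the uploaded SP metadata asks of the IdP. The following is an added example, not part of the original post and not lightSAML code: a small linter for SP metadata, on the assumption that the `WantAssertionsSigned` attribute SAML 2.0 metadata defines on `SPSSODescriptor` is relevant here. The function name, finding codes and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample shaped like the metadata in the post; CERT is a placeholder.
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://my_domain.loc">
  <SPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>CERT</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" Binding="{HTTP_POST}"
        Location="http://my_domain.loc/saml/login_check"/>
  </SPSSODescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <SingleSignOnService Binding="{HTTP_POST}" Location="http://my_domain.loc"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def lint_sp_metadata(xml_text):
    """Return a list of (code, message) findings for an SP metadata document."""
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return [("no-sp-role", "no SPSSODescriptor element")]
    findings = []
    if root.find(MD + "IDPSSODescriptor") is not None:
        findings.append(("idp-role", "entity also declares an IdP role"))
    # xs:boolean accepts "true" or "1"; the attribute defaults to false when absent.
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append(("want-assertions-signed",
                         "SP does not ask the IdP to sign assertions"))
    post_acs = [a for a in sp.findall(MD + "AssertionConsumerService")
                if a.get("Binding") == HTTP_POST]
    if not post_acs:
        findings.append(("no-post-acs", "no HTTP-POST AssertionConsumerService"))
    for acs in post_acs:
        if not acs.get("Location", "").startswith("https://"):
            findings.append(("acs-not-https", f"{acs.get('Location')} is not HTTPS"))
    return findings


if __name__ == "__main__":
    for code, message in lint_sp_metadata(SAMPLE):
        print(f"{code}: {message}")
```

Run it against the file before uploading; an empty result means none of these four checks fired, not that the metadata is otherwise valid.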