Comments (4)
This was because of the x509.ParsePKCS1PrivateKey call in line https://github.com/crewjam/saml/blob/master/service_provider.go#L435
My service provider's key needed to be converted to rsa privateKey. I'm not sure what the difference between the earlier and newer key was, because even the older one was generated using openssl rsa command
from saml.
This is almost certainly a regression due to ditching xmlsec. Next steps here, for me or you or anyone who wants to help, is to try and generate some failing test cases with from shibboleth.
from saml.
@crewjam I don't have much (actually any) knowledge about RSA key generation.
But you're right about switching from xmlsec causing this.
I first generated a key certificate pair for my service provider using this command
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
I used the privateKey.key for shibboleth IdP, and that threw the Forbidden error.
Then I generated a new key from my original one using this command:
openssl rsa -in privateKey.key -out server_new.key
The new key server_new.key worked, I no longer get that asn1 error. Although I'm still unable to configure access control. But that seems to be some certificate issue.
Anyway I just thought I'd share what I did as a test case possibly...or we can document this that the private key should begin with
-----BEGIN RSA PRIVATE KEY-----
and not
-----BEGIN PRIVATE KEY-----
If you or anyone can help me in getting to know why this worked that'll be great.
I'm going to do my research later, but I need to figure out and get my current connection working first.
from saml.
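The two PEM headers quoted in the comment above mark different encodings: `BEGIN RSA PRIVATE KEY` is PKCS#1 and `BEGIN PRIVATE KEY` is PKCS#8, and `x509.ParsePKCS1PrivateKey` accepts only the former. The following is an added example, not code from crewjam/saml or from the commenters: a hypothetical helper, `ParseRSAPrivateKeyPEM`, that accepts both layouts, run against a throwaway key generated in-process.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// ParseRSAPrivateKeyPEM is a hypothetical helper (not crewjam/saml code).
func ParseRSAPrivateKeyPEM(data []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS#1: bare RSAPrivateKey structure
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8: PrivateKeyInfo wrapper naming the algorithm
		key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if rsaKey, ok := key.(*rsa.PrivateKey); ok && err == nil {
			return rsaKey, nil
		}
		return nil, fmt.Errorf("not a PKCS#8 RSA key (%T): %v", key, err)
	}
	return nil, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// constructedPEMs encodes one throwaway key both ways (constructed sample input).
func constructedPEMs() (pkcs1, pkcs8 []byte) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	der8, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der8})
}

func main() {
	p1, p8 := constructedPEMs()
	k1, err1 := ParseRSAPrivateKeyPEM(p1)
	k8, err8 := ParseRSAPrivateKeyPEM(p8)
	fmt.Println(err1, err8, k1 != nil && k8 != nil && k1.D.Cmp(k8.D) == 0)
}
```

Passing the PKCS#8 bytes straight to `x509.ParsePKCS1PrivateKey` returns an error, which matches the asn1 failure described in the thread.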
The change in [08dd8e9] makes us more type safe w/r/t keys and stuff. Although your code may need to change, it might make the trouble you are having more obvious. HTH.
from saml.