Comments (3)
Ok it was the line break in assertion that was making this whole issue.
I just replaced the special characters like "
 ;" and "
 ;" and it magically works so well now.. wow....
from java-saml.
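The comment above attributes the failure to line breaks in the signed output and fixes it with string replacement. As an added example (not code from this thread or from java-saml), the class below removes whitespace only from the base64 values of the outermost `ds:Signature`, using DOM, and leaves `ds:SignedInfo` and any nested signature untouched. The class and method names are hypothetical, and it assumes the line breaks are the CR/LF wrapping a signer inserts into base64 values.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class OuterSignatureLineBreaks {  // hypothetical name, not part of java-saml
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // These sit outside ds:SignedInfo, so their whitespace is not covered by their own signature.
    static final String[] UNSIGNED_BASE64 = {"SignatureValue", "X509Certificate"};

    // Touches only the ds:Signature that is a direct child of the root element.
    static String normalize(String signedXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(signedXml.getBytes(StandardCharsets.UTF_8)));
        for (Node n = doc.getDocumentElement().getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element) || !DS.equals(n.getNamespaceURI())
                    || !"Signature".equals(n.getLocalName())) continue;
            for (String name : UNSIGNED_BASE64) {
                NodeList hits = ((Element) n).getElementsByTagNameNS(DS, name);
                for (int i = 0; i < hits.getLength(); i++) {
                    Node v = hits.item(i);
                    v.setTextContent(v.getTextContent().replaceAll("\\s+", ""));
                }
            }
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder base64, one signature on the root and one nested.
        String sig = "<ds:Signature xmlns:ds=\"" + DS + "\"><ds:SignedInfo><ds:DigestValue>"
                + "QUJD&#13;\nREVG</ds:DigestValue></ds:SignedInfo>"
                + "<ds:SignatureValue>QUJD&#13;\nREVG</ds:SignatureValue></ds:Signature>";
        System.out.println(normalize("<Response>" + sig + "<Assertion>" + sig + "</Assertion></Response>"));
    }
}
```

Run it on the signed assertion before embedding it and signing the response: after that point the assertion's `ds:Signature` is part of the content the response signature digests, so changing it would invalidate the outer signature.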
Hi Jess103,
I'm trying to follow your suggestion but I continue to have your same error. Here is my code:
```java
try {
    InitializationService.initialize();
} catch (InitializationException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
org.opensaml.saml.saml2.core.impl.StatusCodeBuilder statusCodeBuilder = new org.opensaml.saml.saml2.core.impl.StatusCodeBuilder();
StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(StatusCode.SUCCESS);
org.opensaml.saml.saml2.core.impl.StatusBuilder statusBuilder = new org.opensaml.saml.saml2.core.impl.StatusBuilder();
org.opensaml.saml.saml2.core.Status status = statusBuilder.buildObject();
status.setStatusCode(statusCode);
org.opensaml.saml.saml2.core.impl.IssuerBuilder issuerBuilder = new org.opensaml.saml.saml2.core.impl.IssuerBuilder();
org.opensaml.saml.saml2.core.Issuer issuer = issuerBuilder.buildObject();
issuer.setValue("https://example.com/issuer");
org.opensaml.saml.saml2.core.impl.ResponseBuilder responseBuilder = new org.opensaml.saml.saml2.core.impl.ResponseBuilder();
org.opensaml.saml.saml2.core.Response response = responseBuilder.buildObject();
response.setID(UUID.randomUUID().toString());
response.setVersion(SAMLVersion.VERSION_20);
response.setIssuer(issuer);
response.setStatus(status);
response.setIssueInstant(new DateTime()); // Sets the date and time the Response was created
org.opensaml.saml.saml2.core.impl.AssertionBuilder assertionBuilder = new org.opensaml.saml.saml2.core.impl.AssertionBuilder();
org.opensaml.saml.saml2.core.Assertion assertion = assertionBuilder.buildObject();
assertion.setID(UUID.randomUUID().toString());
assertion.setIssueInstant(new DateTime());
assertion.setSubject(createSubject("provai1",11));
org.opensaml.saml.saml2.core.Issuer issuer2 = issuerBuilder.buildObject();
issuer2.setValue("https://example.com/issuer");
assertion.setIssuer(issuer2);
/* OneLogin */
// 1. Sign Assertion > Turn signed string back to Assertion
org.opensaml.saml.saml2.core.impl.AssertionMarshaller aMarshaller = new org.opensaml.saml.saml2.core.impl.AssertionMarshaller();
String astStr = null;
try {
    astStr = Util.addSign(aMarshaller.marshall(assertion), privateKey, cert, null);
    astStr = astStr.replace(" ", "").replace("
", "");
} catch (XPathExpressionException | ParserConfigurationException | XMLSecurityException
        | MarshallingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
try {
    assertion = (Assertion) stringTOobject(astStr);
} catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
// 2. Add Assertion into Response
response.getAssertions().add(assertion);
// 3. Sign Response > Turn signed string back to Response
org.opensaml.saml.saml2.core.impl.ResponseMarshaller marshaller = new org.opensaml.saml.saml2.core.impl.ResponseMarshaller();
String resStr = null;
try {
    resStr = Util.addSign(marshaller.marshall(response), privateKey, cert, null);
    resStr = resStr.replace(" ", "").replace("
", "");
} catch (XPathExpressionException | ParserConfigurationException | XMLSecurityException
        | MarshallingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
try {
    response = (org.opensaml.saml.saml2.core.Response) stringTOobject(resStr);
} catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
// 4. To XMLString
try {
    String samlStr = SerializeSupport.nodeToString(marshaller.marshall(response));
    LOGGER.debug("Result in Base64: "+Util.base64encoder(samlStr));
} catch (MarshallingException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
```
But when I tried to execute it, I got this.
I'm using this tool to verify my SAML: https://samltool.io/
This is the XML generated:
<?xml version="1.0" encoding="UTF-8"?> <saml2p:Response ID="41cc1921-adea-48a0-866e-f98cca0f5f6c" IssueInstant="2023-07-26T12:59:29.075Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> https://example.com/issuer </saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#41cc1921-adea-48a0-866e-f98cca0f5f6c"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue> SPMtU0bYT37cCVNqGDKcdX7vtug= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> dBBX06tKRldHc0kfT3MV9Sd2DwR+hA7v13+efZWBoiyCjjAqTuRx6KsAwLUudcj0E4ogHKoEaEmh wvoYEjlow7QEJEivZZknhuDdN+MomUL9OElDGUuOz9ROBjhXHiMVoqw6W8myDJYiKS/cgO3AOrj5 8VbE0IxdMiLOBLpc+hPBPbkcVbKTg/nZcNb/U/9qH+MbjUq8SEpTb1mZPNNSA8jkcofjGk0Qnk2+ o6qrFT5qRuzTENmatNBLXSyd3oSJLxrXLLpxmHhomO4LFTysQk5NZ7KLH372ClOo8o0gEXvryZBE e5AssJ19tn/KsUIw/KsW8f2LISD98gH7/Ov06KBBajzf40uSJducTVE3uWmEv21nJOrRUndcqeBE CxawZXGvGtsz2u2WBUB7K9LpWLyEyPKzp4aMaaKGCRmdOflgoT2u1zjiZQtLjDlZvlsRQz2LOzZ9 BDu2sfDPWgJMv59zq2C5VLrJw8kJ+hVvI2pxlctJTbeVET8+kNCD6bYe7A2fX9PlT1oE1dEgVVON PldepBw5jRiUx/qjUajzm2QNVd9hJKsxI7QmhMlCfRxnlok5D61NTPqfOjq7CLNGnarLk4Q1Tmm0 gn1GuNLk25uj8Quq22ADrYIRfYCnYPJlngaArZcBqWWA9QF51MjxEB9+Chtj51CCJL7N9RBlF8w= </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIE/zCCAuegAwIBAgIUVL4ikDMIJosdOqAt7aCk3/ZArqkwDQYJKoZIhvcNAQELBQAwGjEYMBYG A1UEAwwPY2VkYWNyaWdyb3VwLml0MB4XDTIzMDUxNjEyMjIwMloXDTM3MDEyMjEyMjIwMlowGjEY 
MBYGA1UEAwwPY2VkYWNyaWdyb3VwLml0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA t2YHh1rxXY8NxIb6LDOEa0oPnSKHfxx2YMcSc4dACOE1KpNmjqnhwivSN8HuiP1bSTl64v69pcI4 THGNl6Uif+u0JG8Z1L7C44QZ93ibJz4Nny+PbdVuz9nr/hv7oZspaCD6thHq4sY2vrBCMQzbzS7+ Si7Ij6ykTJHSEEI2SVBw/mdMGf4TZREUvPU167cIUPsTaWLOY/PSbkE0twXF2nXfGxkwIDun1ipx dBSHNkpEmHkiMscLRnzE6cvudXR4kqqqJNc5a9mE9Pt+AxrI5UMgcBnTjJJQf/PAAAVgsUAbcMRS G1nVClZbsWpXm/LpM1UHvHltgiljZ+uiLyADxwoaCKqTilJ4flSgDCg1dEJToJUooTTaVdJkt9aR z6clQQOKlBnfPh93NFmNPGhn54CibJrEBtTRwnL3cP08HNC/RLr4byFVK2zYw2XjIDrOmwMPkdny 1o1p8EsvTZde5Uh4FGlsghFRQx/5nrTmUuxJlAfIPSAGLXv4CGhtxpuryGKVQD6E9OcnYroEgBf4 HDSpTmu9MzCod66XjJHcYfVr5K4wSlWhexM6sNNHLWE9Uo8lZgKcrJa9K/MxdNnilQVotKnPqDhC tCbPnePlp+LtTqCbELAAwLS1gfrE111z+Y0GUHYrX9rb+yGIMuwwj0cdemj42vmMTyy1Vmsg7h8C AwEAAaM9MDswGgYDVR0RBBMwEYIPY2VkYWNyaWdyb3VwLml0MB0GA1UdDgQWBBT4L6YBlCqsKnXx kI6R338ZYF28xjANBgkqhkiG9w0BAQsFAAOCAgEAoAdYRM8fsq4yjaD3sQ2psiatlQwYKdWiXlZC EB8ojDx7mZJalzhcNMXVueK9cRiZI0Y+MRTVe2340kQrtWit++UqZSHyO/I0dc/XqB2RQ5WDKmDg D+33GT1s1diX93YipElml5UhvvGTlfZq1T2u4COJ18/FnJRMBBkKkcfR8+wBd9uuRhpRKzBYvLxe 4rexy7LSUJ3wNB6UtTkn8/0I90f7Z0korqSL/rtl8T3U7b7jZ/Ws58VN9XmTOYO/e9aBkuCfTWQl hwOKGREeJqkBRzhRKT/SYQazddrJeYg0mjNGgaXr3KQhx42nCXNHHrqox1gqcVaHVzORW7mVFy07 7YSTMmTTrNi2ZNhBm/GY/lFtToq4PvWoctHluQzKkLWlgtEcLHc1dj5fGu+BJr0uADptFMGERXws oJ2j/7P3iLEz0WJ/dfBeuR+NKYHUkBurET/XO8Q9ggfiiJAtD20YulWvKT2JdXaoNpt07jWdtBUn IOn3O28Yc3ycM0e5E9dO8Yqn3yaFGJznfxNaMiqIQlWzbYZqmcPuhpC5FYmtJJ0rxVx4RHIMqtx6 kfl7gzRsBpYrWHcd4CMW0qYI2gkgDjkxzGNQYbgCOtYj5fr2tz1PbspswL2lEN6pUte/RTEYAFGY 5B4NPbhtCCj9UWzlQFHjp4y2xQTp6z7SeHYNnAs= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2p:Status> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </saml2p:Status> <saml2:Assertion ID="8250ac58-a220-4343-9d3f-079a8d705dbb" IssueInstant="2023-07-26T12:59:29.075Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> <saml2:Issuer> https://example.com/issuer </saml2:Issuer> <ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#8250ac58-a220-4343-9d3f-079a8d705dbb"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue> EhuDc8SdImYVKrtO/oEkJ4h4SAs= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> ib3nd5zzrWN0QXS3pkKl1P5BBLcr/6KiTtDCNIbp9xxit3zY06XVmshVyKHxk9m99jhKvAMaCLHZ LFTcw3JmTdon5nChdPmiGSepcBY97zVrwKuqtigsfNxmUvm4WPPB7sftM/cPstwk0gTSJC2WiGD/ Se5Zpa7cImT5yndwTRYq1GKRyi8DkKKnLh8g6WaQHtMvJEUHk0TgWF0Uv6URqaEQ1BfbLeJz5kWn bh51PYgtE0bmDxM1up8abGJZsU8fTk/L6WUlxIkg6onPDTVztmI6JgvrCEV52PIX9Ot/3czYFGxK MmQ03WmuzQf/uZdeOgJtvnl0xwapxBicTk9pdEGUjlsr1XbNt04wi/WuOw81MXgj++IOJbEsfGJ9 VabDJad6QOIj+xR64IdGExygkrKJ6J4aF9PiWisPjVka5mEGReMcw+W27t0GAPyM8OcVoX0EUYzO Eg7K+arYRgVgppg7FDeKuqtYrvTO6y4AZJUzlV+AQXiO77vnbqZViehEJzCiJgP7qrgzNm04uJB5 0Nf9nFDUOrtIem1VkWY4e2oBHcuaiCX/vFIORCQeIyAHj+489K6X5s5KhEczO+rayZs7BXN+aWyG foBjPk4mxNZym6WNa5xsoxS4fyiRd+qRb2Qofa7b/iOMVdr3eSJqSj2nxF0k3rwUzEYe3kGeBfc= </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIE/zCCAuegAwIBAgIUVL4ikDMIJosdOqAt7aCk3/ZArqkwDQYJKoZIhvcNAQELBQAwGjEYMBYG A1UEAwwPY2VkYWNyaWdyb3VwLml0MB4XDTIzMDUxNjEyMjIwMloXDTM3MDEyMjEyMjIwMlowGjEY MBYGA1UEAwwPY2VkYWNyaWdyb3VwLml0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA t2YHh1rxXY8NxIb6LDOEa0oPnSKHfxx2YMcSc4dACOE1KpNmjqnhwivSN8HuiP1bSTl64v69pcI4 THGNl6Uif+u0JG8Z1L7C44QZ93ibJz4Nny+PbdVuz9nr/hv7oZspaCD6thHq4sY2vrBCMQzbzS7+ Si7Ij6ykTJHSEEI2SVBw/mdMGf4TZREUvPU167cIUPsTaWLOY/PSbkE0twXF2nXfGxkwIDun1ipx dBSHNkpEmHkiMscLRnzE6cvudXR4kqqqJNc5a9mE9Pt+AxrI5UMgcBnTjJJQf/PAAAVgsUAbcMRS 
G1nVClZbsWpXm/LpM1UHvHltgiljZ+uiLyADxwoaCKqTilJ4flSgDCg1dEJToJUooTTaVdJkt9aR z6clQQOKlBnfPh93NFmNPGhn54CibJrEBtTRwnL3cP08HNC/RLr4byFVK2zYw2XjIDrOmwMPkdny 1o1p8EsvTZde5Uh4FGlsghFRQx/5nrTmUuxJlAfIPSAGLXv4CGhtxpuryGKVQD6E9OcnYroEgBf4 HDSpTmu9MzCod66XjJHcYfVr5K4wSlWhexM6sNNHLWE9Uo8lZgKcrJa9K/MxdNnilQVotKnPqDhC tCbPnePlp+LtTqCbELAAwLS1gfrE111z+Y0GUHYrX9rb+yGIMuwwj0cdemj42vmMTyy1Vmsg7h8C AwEAAaM9MDswGgYDVR0RBBMwEYIPY2VkYWNyaWdyb3VwLml0MB0GA1UdDgQWBBT4L6YBlCqsKnXx kI6R338ZYF28xjANBgkqhkiG9w0BAQsFAAOCAgEAoAdYRM8fsq4yjaD3sQ2psiatlQwYKdWiXlZC EB8ojDx7mZJalzhcNMXVueK9cRiZI0Y+MRTVe2340kQrtWit++UqZSHyO/I0dc/XqB2RQ5WDKmDg D+33GT1s1diX93YipElml5UhvvGTlfZq1T2u4COJ18/FnJRMBBkKkcfR8+wBd9uuRhpRKzBYvLxe 4rexy7LSUJ3wNB6UtTkn8/0I90f7Z0korqSL/rtl8T3U7b7jZ/Ws58VN9XmTOYO/e9aBkuCfTWQl hwOKGREeJqkBRzhRKT/SYQazddrJeYg0mjNGgaXr3KQhx42nCXNHHrqox1gqcVaHVzORW7mVFy07 7YSTMmTTrNi2ZNhBm/GY/lFtToq4PvWoctHluQzKkLWlgtEcLHc1dj5fGu+BJr0uADptFMGERXws oJ2j/7P3iLEz0WJ/dfBeuR+NKYHUkBurET/XO8Q9ggfiiJAtD20YulWvKT2JdXaoNpt07jWdtBUn IOn3O28Yc3ycM0e5E9dO8Yqn3yaFGJznfxNaMiqIQlWzbYZqmcPuhpC5FYmtJJ0rxVx4RHIMqtx6 kfl7gzRsBpYrWHcd4CMW0qYI2gkgDjkxzGNQYbgCOtYj5fr2tz1PbspswL2lEN6pUte/RTEYAFGY 5B4NPbhtCCj9UWzlQFHjp4y2xQTp6z7SeHYNnAs= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"> provai1 </saml2:NameID> </saml2:Subject> </saml2:Assertion> </saml2p:Response>
using this version:
com.onelogin java-saml 2.9.0
I resolved the problem