You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to debug a problem with SAML response validation using python3-saml and am trying to check whether the problem is down in python-xmlsec.
I have a response from a server and the servers public cert. I've also the CA cert for the server added to the client (/etc/openssl/certs and /etc/certs/CA in my case on Solaris). And with that sure enough the xml validation works using xmlsec1:
# python test.py
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=436:obj=unknown:subj=dsigCtx->signValueNode == NULL:error=100:assertion:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Traceback (most recent call last):
File "test.py", line 21, in <module>
ctx.verify(signature_node)
xmlsec.Error: (1, 'failed to verify')
Perhaps my python is wrong there, it's what I've put together from the examples and what python3-saml is doing. error 100 is 'Invalid assertion' but that doesn't help me much.
The OS delivers xmlsec (1.2.28) and libxml2(2.9.9) and pip installed python-xmlsec (1.3.12), and pkg-config tells me the cflags for xmlsec1 are:
-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -D__XMLSEC_FUNCTION__=func -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2
Can anyone advise if the python above is correct and expected to work or how I might debug this further? Is there perhaps some other file or directory I need to add the server CA cert to? Or some additional processing of the XML in addition to extracting the signature_node before verification?
Thanks
The text was updated successfully, but these errors were encountered:
Hi,
I'm trying to debug a problem with SAML response validation using python3-saml and am trying to check whether the problem is down in python-xmlsec.
I have a response from a server and the servers public cert. I've also the CA cert for the server added to the client (/etc/openssl/certs and /etc/certs/CA in my case on Solaris). And with that sure enough the xml validation works using xmlsec1:
However if I try with python-xmlsec I can't validate:
Perhaps my python is wrong there, it's what I've put together from the examples and what python3-saml is doing. error 100 is 'Invalid assertion' but that doesn't help me much.
The OS delivers xmlsec (1.2.28) and libxml2(2.9.9) and pip installed python-xmlsec (1.3.12), and pkg-config tells me the cflags for xmlsec1 are:
-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -D__XMLSEC_FUNCTION__=func -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_GOST2012=1 -DXMLSEC_DL_LIBLTDL=1 -I/usr/include/xmlsec1 -I/usr/include/libxml2
Can anyone advise if the python above is correct and expected to work or how I might debug this further? Is there perhaps some other file or directory I need to add the server CA cert to? Or some additional processing of the XML in addition to extracting the signature_node before verification?
Thanks
The text was updated successfully, but these errors were encountered: