Net-SAML2
view release on metacpan or search on metacpan
TUTORIAL.md view on Meta::CPAN
The URL is created by calling the sign function of the Net::SAML2::Binding::Redirect object with the xml version of the AuthnRequest.
```
my $url = $redirect->sign($authnreq->as_xml);
```
The signed URL is that results is:
```
$VAR1 = 'http://sso.dev.venda.com/opensso/SSORedirect/metaAlias/idp?SAMLRequest=fZFfS4RQEMXf%2BxRy39Xrv9wGFRYsWKglaumhl5j0ioLea8641Lfvagu1EPt6OHPOb2YywqEPR9jO3Oon9TErYudFTdQZnYvQk8LZlbnY3x6etw%2F34dtNXMcSqybB5Po9SYOmwUSGMTbBRkYyRWsnmtVOE6NmmyDDwJWhK9...
```
## Redirect to the user's browser to the URL
At this point the web application needs to redirect the user's browser to the URL. The Identity Provider will receive the XML at the sso_url that was defined in the metadata:
Using a browser add-on like **SAML Message Decoder** you should be able to view the fields in the SAML2 request that the browser sent.
```
<saml2p:AuthnRequest
TUTORIAL.md view on Meta::CPAN
);
my $xml = $sp->metatdata();
return $xml;
```
this results in the following XML
```
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="http://localhost:3000">
<md:SPSSODescriptor WantAssertionsSigned="0"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
AuthnRequestsSigned="0"
errorURL="http://localhost:3000/saml/error">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEO
lib/Net/SAML2/Binding/POST.pm view on Meta::CPAN
# saml-schema-protocol-2.0.xsd Schema hack
#
# The real fix here is to fix XML::Sig to accept a XPATH to
# place the signature in the correct location. Or use XML::LibXML
# here to do so
#
# The protocol schema defines a sequence which requires the order
# of the child elements in a Protocol based message:
#
# The dsig:Signature (should it exist) MUST follow the saml:Issuer
#
# 1: saml:Issuer
# 2: dsig:Signature
#
# Seems like an oversight in the SAML schema specifiation but...
$signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
my $signature = $1;
$signed_message =~ s/(<\/saml\d*:Issuer>)/$1$signature/;
my $encoded_request = encode_base64($signed_message, "\n");
return $encoded_request;
}
__PACKAGE__->meta->make_immutable;
lib/Net/SAML2/Binding/Redirect.pm view on Meta::CPAN
sub _sign_redirect_uri {
my $self = shift;
my $uri = shift;
my $key_string = read_text($self->key);
my $pk = Crypt::PK::RSA->new();
my $rsa_priv = $pk->import_key(\$key_string);
$uri->query_param('SigAlg',
$self->sig_hash eq 'sha1'
? 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
: 'http://www.w3.org/2001/04/xmldsig-more#rsa-' . $self->sig_hash);
my $to_sign = $uri->query;
my $sig = encode_base64($rsa_priv->sign_message($to_sign, uc($self->sig_hash), 'v1.5'), '');
$uri->query_param('Signature', $sig);
return $uri->as_string;
}
sub sign {
my $self = shift;
lib/Net/SAML2/Binding/Redirect.pm view on Meta::CPAN
sub _verify {
my ($self, $sigalg, $signed, $sig) = @_;
foreach my $crt (@{$self->cert}) {
my $cert = Crypt::OpenSSL::X509->new_from_string($crt);
my $pk = Crypt::PK::RSA->new();
my $rsa_pub = $pk->import_key(\$cert->pubkey);
my $hash_name;
if ($sigalg eq 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256') {
$hash_name = 'SHA256';
} elsif ($sigalg eq 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha224') {
$hash_name = 'SHA224';
} elsif ($sigalg eq 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384') {
$hash_name = 'SHA384';
} elsif ($sigalg eq 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512') {
$hash_name = 'SHA512';
} elsif ($sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1') {
$hash_name = 'SHA1';
}
else {
warn "Unsupported Signature Algorithim: $sigalg, defaulting to sha256" if $self->debug;
}
return 1 if $rsa_pub->verify_message($sig, $signed, $hash_name, 'v1.5');
warn "Unable to verify with " . $cert->subject if $self->debug;
}
lib/Net/SAML2/Binding/SOAP.pm view on Meta::CPAN
no_xml_declaration => 1,
});
my $signed_message = $sig->sign($message);
# OpenSSO ArtifactResolve hack
#
# OpenSSO's ArtifactResolve parser is completely hateful. It demands that
# the order of child elements in an ArtifactResolve message be:
#
# 1: saml:Issuer
# 2: dsig:Signature
# 3: samlp:Artifact
#
# Really.
#
if ($signed_message =~ /ArtifactResolve/) {
$signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
my $signature = $1;
$signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
}
# test verify
my $ret = $sig->verify($signed_message);
die "failed to sign" unless $ret;
my $soap = <<"SOAP";
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body>$signed_message</SOAP-ENV:Body></SOAP-ENV:Envelope>
lib/Net/SAML2/IdP.pm view on Meta::CPAN
}
sub new_from_xml {
my($class, %args) = @_;
my $dom = no_comments($args{xml});
my $xpath = XML::LibXML::XPathContext->new($dom);
$xpath->registerNs('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
$xpath->registerNs('ds', 'http://www.w3.org/2000/09/xmldsig#');
my $data;
my $basepath = '//md:EntityDescriptor/md:IDPSSODescriptor';
for my $sso ($xpath->findnodes("$basepath/md:SingleSignOnService")) {
my $binding = $sso->getAttribute('Binding');
$data->{SSO}->{$binding} = $sso->getAttribute('Location');
}
lib/Net/SAML2/IdP.pm view on Meta::CPAN
)
: (),
);
}
sub _get_pem_from_keynode {
my $self = shift;
my $node = shift;
$node->setNamespace('http://www.w3.org/2000/09/xmldsig#', 'ds');
my ($text)
= $node->findvalue("ds:KeyInfo/ds:X509Data/ds:X509Certificate", $node)
=~ /^\s*(.+?)\s*$/s;
# rewrap the base64 data from the metadata; it may not
# be wrapped at 64 characters as PEM requires
$text =~ s/\n//g;
my @lines;
lib/Net/SAML2/Protocol/Assertion.pm view on Meta::CPAN
sub _verify_encrypted_assertion {
my $self = shift;
my $xml = shift;
my $cacert = shift;
my $key_file = shift;
my $key_name = shift;
my $xpath = XML::LibXML::XPathContext->new($xml);
$xpath->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$xpath->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
$xpath->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
$xpath->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
return $xml unless $xpath->exists('//saml:EncryptedAssertion');
croak "Encrypted Assertions require key_file" if !defined $key_file;
$xml = $self->_decrypt(
$xml,
key_file => $key_file,
key_name => $key_name,
);
$xpath->setContextNode($xml);
my $assert_nodes = $xpath->findnodes('//saml:Assertion');
return $xml unless $assert_nodes->size;
my $assert = $assert_nodes->get_node(1);
return $xml unless $xpath->exists('dsig:Signature', $assert);
my $xml_opts->{ no_xml_declaration } = 1;
my $x = Net::SAML2::XML::Sig->new($xml_opts);
my $ret = $x->verify($assert->toString());
die "Decrypted Assertion signature check failed" unless $ret;
return $xml unless $cacert;
my $cert = $x->signer_cert;
die "Certificate not provided in SAML Response, cannot validate" unless $cert;
my $ca = Crypt::OpenSSL::Verify->new($cacert, { strict_certs => 0 });
lib/Net/SAML2/Protocol/Assertion.pm view on Meta::CPAN
sub new_from_xml {
my($class, %args) = @_;
my $key_file = $args{key_file};
my $cacert = delete $args{cacert};
my $xpath = XML::LibXML::XPathContext->new();
$xpath->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
$xpath->registerNs('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
$xpath->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
$xpath->registerNs('xenc', 'http://www.w3.org/2001/04/xmlenc#');
my $xml = no_comments($args{xml});
$xpath->setContextNode($xml);
$xml = $class->_verify_encrypted_assertion(
$xml,
$cacert,
$key_file,
$args{key_name},
lib/Net/SAML2/SP.pm view on Meta::CPAN
ns => { md => URN_METADATA },
id_attr => '/md:EntityDescriptor[@ID]',
}
);
my $md = $signer->sign($metadata);
my $xp = XML::LibXML::XPathContext->new(
XML::LibXML->load_xml(string =>$md)
);
$xp->registerNs('md', URN_METADATA);
$xp->registerNs('dsig', URN_SIGNATURE);
my $nodes = $xp->findnodes('/md:EntityDescriptor[@ID]');
my $rootnode = $nodes->get_node(1);
my $child = $rootnode->firstChild;
return $md if $child->nodeName() eq 'dsig:Signature';
$nodes = $xp->findnodes('//dsig:Signature');
my $signode = $nodes->get_node(1);
$signode->unbindNode;
$rootnode->insertBefore($signode, $child);
return '<?xml version="1.0" encoding="UTF-8"?>' . $rootnode->toString;
}
sub get_default_assertion_service {
t/01-create-idp.t view on Meta::CPAN
delete $ENV{'PERL_LWP_SSL_CA_FILE'};
delete $ENV{'HTTPS_CA_FILE'};
delete $ENV{'PERL_LWP_SSL_CA_PATH'};
delete $ENV{'HTTPS_CA_DIR'};
my $xml = <<XML;
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
t/01-create-idp.t view on Meta::CPAN
'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'has correct persistent format'
);
}
{ my $xml = <<XML;
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
t/02-create-sp.t view on Meta::CPAN
$node->getAttribute('Location'),
'http://localhost:3000/sls-post-response',
".. with the correct location"
);
}
my $root_node = get_single_node_ok($xpath, '/md:EntityDescriptor');
my $signature_node = $root_node->firstChild;
is($signature_node->nodeName(),
'dsig:Signature', "First node is the signature");
is(
'44e55d658c4b8bdf740cae7a0b200488',
$sp->key_name('signing'),
"Got a key name for the signing key"
);
is(
undef,
$sp->key_name('encryption'),
"... and there is no encryption key name"
t/03-assertions.t view on Meta::CPAN
my $xml = <<XML;
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s29e656961dc650775c103fddadba836256cc3eb7d" InResponseTo="N3k95Hg41WCHdwc9mqXynLPhB" Version="2.0" IssueInstant="2010-10-12T14:49:27Z" Destination="http://ct.local/saml/consumer-p...
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://sso.dev.venda.com/opensso</saml:Issuer>
<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s241001b6007d1700109a3e3bc4350ae5528ba9824" IssueInstant="2010-10-12T14:49:27Z" Version="2.0">
<saml:Issuer>http://sso.dev.venda.com/opensso</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#s241001b6007d1700109a3e3bc4350ae5528ba9824">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>1CCTfUP/Sbihuz4HCySlSizG9+o=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>lHH8QBcAievrgDYmYXXk+QnWC/ybLYcbIZPEs06rEi7wE9Iwb96UxPM8zY24SSJ9CPZdZqyNsyIu9Ww+4dq7RcUbE9dBCKwAZjz/ze6jPTlEZPdG1H+g+c8HnC9mNTI1g4WDS8zBmSbBbYBEPiuVxHn245JaUrTRjoLE0Xr4EoY=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDDDCCAfSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEOMAwGA1UECgwFbG9jYWwxCzAJBgNVBAsMAmN0MQswCQYDVQQDDAJDQTAeFw0xMDEwMDYxNDE5MDJaFw0xMTEwMDYxNDE5MDJaMGMxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxv...
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
t/04-response.t view on Meta::CPAN
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2d1d09d5f190890fea3ecf12dc88cef287c77c3b5" IssueInstant="2010-11-12T12:26:44Z" Version="2.0">
<saml:Issuer>http://openam.nodnol.org:8080/opensso</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="http://openam.nodnol.org:8080/opensso">W26qY2hXzKvOYdef/HS/xQxqBwD0</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="N3k95Hg41WCHdwc9mqXynLPhB" NotOnOrAfter="2010-11-12T12:36:44Z" Recipient="http://ct.local/saml/consumer-post"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotBefore="2010-11-12T12:16:44Z" NotOnOrAfter="2010-11-12T12:36:44Z">
<saml:AudienceRestriction>
<saml:Audience>http://ct.local</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2010-11-12T12:26:44Z" SessionIndex="s242c4fb93cf01015a82f4fac98769a0869f8bde01"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClass...
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<dsig:Reference URI="#s2d1d09d5f190890fea3ecf12dc88cef287c77c3b5">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>qs6RhySf/pELLFucYFr2Uw0DZ+X0YvjWM3OdLQ8MCf0=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>blPr777NBSfyuSIeWzBAwBXoKITaejwzaFc7+5VCL/9+QLYbOpDuYf58E75ckgd+WAtQJ7vHj5nY
dYhRyhFi48bcn75UUBiblNzFTE9Jnqw7tjUndMAbx+SfnEOKRgb/CJ2GSwombhSgtK9VIldm7s3w
rmY3BMB3AeBpT+SSHK8+dGGp79mFladp7zKf2saVe4IVcAW2rSYQUNOKjRbBRHmbKCLcvLuF/HrO
LTS7lfhXRheRkLwZtXESBMxz7CXturtYKwSKzuF4JAJ49r5Q0tqo/qxPjcQv9xIcUT4tpVUrKpq/
HnkvAPp2oFB4eAct+A3UMMIhugTa8O3oPolK2g==
</dsig:SignatureValue>
<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
6LlwLxqbKknBhUjPW68SnJduwwDvwbTjh/yaCLWXcTOrlJI6rZPfjzuLHVtPdFdG
4HA9+Dl5ym/6n92CIAbpuGg1jQpumuHfdtLyrZsgXGdn4es80H8tAGnyyTb+/a9Q
t/04-response.t view on Meta::CPAN
dibbdBcCsDX0ptlCKdCT0ccL9pu1B5BKK+1/e/egityH8cMPmlbkw41aMlN60uW7
TxOnuDJZaQ1b6iKOSbF20LhnXy2X/B/Uz5TAyxgwar2FYflzKQ5DLzQy8kEjJ3kU
qy2vwc30Hik7kD7/rtL8hJlbyHBw7rJZpRW7tjjhBAbNNTNXJ3HT/0BA+a8pm0s0
J/zYOkhRgUoS0bHYQpTjF/G6uWCAtwcXtS7a9IYAMV6S6nyQCgTLAcr065KrAkp2
SNVz/lx+i8ajHMJ9GFguNWX3SQsmFK+tAadjTCzoGxQKb+nXTlYaVs/Q2lSfsvz2
YQwyY8eDHQjTVxWmOXdMuVCvfW2IxpOJKU26uEADjUS9qJHsSQqQy9qXyTE0/k5A
wygU3Q12/3IQwhPKSNgSsVbdkGz6vslKM91MyiqH4agIxgZPE5gsl8UUAUDiVxES
VxkxulDjHXtVQFH5Z32Xdbj1lu1fSrg9586AAjks4RYkYBKk+ZNm+4XqF/DFRweZ
LT8EYILdC+8GuFIO/+aEZxbBkoIbAQKhBt3ROpCg5nUJeXvnsgF44BsPMSMipjmf
nERHVzwX9FRnmFIdHWYa0QAMjh9XMvkxDK+ZxLiDiaY1h/k=
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature></saml:Assertion><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<dsig:Reference URI="#s2aa6f0dee017e82ced11a3c7c0be88ee42d3a9cb5">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>gGzeJlwxICEHkWJyX0Lx+lRqRlFyuQAgUPH7LeM2uQU=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>SPRZzaF9PQu6q2ltDbuwHfDU6Kn5I83/2VmL3/K+noqQTPzPAaO4RY/GFFl06Y5bAhmMp1IoeNTC
X+1LquxaI8vJWgCya+zyK6ValTgzOcSbS6+Jt0WktY4bbyS2h6BeO6MbvIIVn4pAvAK4xVz3sCku
ZxwViAfk4ljqltjRGJk6zgQ3tTBXN/ZKV7biZzXpwvuBNpnAYXxLpIF6FnfYRiCBmobNXufm4kxZ
EvN6b+vmEWjcMjIXnXTkBDm/zx3B9CruuY1qIBbdjtFbVtYoG/4tfaMgPyNs75tnw0CTZ5Q2r21x
1H4B/awRyBK8BSWYBqXplvvp5DP/CEGWSogY4g==
</dsig:SignatureValue>
<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
6LlwLxqbKknBhUjPW68SnJduwwDvwbTjh/yaCLWXcTOrlJI6rZPfjzuLHVtPdFdG
4HA9+Dl5ym/6n92CIAbpuGg1jQpumuHfdtLyrZsgXGdn4es80H8tAGnyyTb+/a9Q
t/04-response.t view on Meta::CPAN
dibbdBcCsDX0ptlCKdCT0ccL9pu1B5BKK+1/e/egityH8cMPmlbkw41aMlN60uW7
TxOnuDJZaQ1b6iKOSbF20LhnXy2X/B/Uz5TAyxgwar2FYflzKQ5DLzQy8kEjJ3kU
qy2vwc30Hik7kD7/rtL8hJlbyHBw7rJZpRW7tjjhBAbNNTNXJ3HT/0BA+a8pm0s0
J/zYOkhRgUoS0bHYQpTjF/G6uWCAtwcXtS7a9IYAMV6S6nyQCgTLAcr065KrAkp2
SNVz/lx+i8ajHMJ9GFguNWX3SQsmFK+tAadjTCzoGxQKb+nXTlYaVs/Q2lSfsvz2
YQwyY8eDHQjTVxWmOXdMuVCvfW2IxpOJKU26uEADjUS9qJHsSQqQy9qXyTE0/k5A
wygU3Q12/3IQwhPKSNgSsVbdkGz6vslKM91MyiqH4agIxgZPE5gsl8UUAUDiVxES
VxkxulDjHXtVQFH5Z32Xdbj1lu1fSrg9586AAjks4RYkYBKk+ZNm+4XqF/DFRweZ
LT8EYILdC+8GuFIO/+aEZxbBkoIbAQKhBt3ROpCg5nUJeXvnsgF44BsPMSMipjmf
nERHVzwX9FRnmFIdHWYa0QAMjh9XMvkxDK+ZxLiDiaY1h/k=
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature></samlp:Response>
XML
my $response = encode_base64($xml);
my $sp = net_saml2_sp();
my $post = $sp->post_binding;
my $response_xml;
t/05-soap-binding.t view on Meta::CPAN
for my $cert (@{$idp->cert($use)}) {
$idp_cert = $cert;
ok(looks_like_a_cert($idp_cert), "Certificate for: \"$use\" looks like a cert");
}
};
{
my $art_response = << 'ARTIFACT';
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/"><soap11:Body><saml2p:ArtifactResponse ID="_c9ce9fb074bc6e1773f21f1e32a935b5" InResponseTo="NETSAML2_fc7ddf1855713b8cd4ea05b3f190d7e84328f48d7e7683addea941f930e026ef" IssueInsta...
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2p:Response ...
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2....
A1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAOBgNVBAcMB01vbmN0b24xEzARBgNV
BAoMCk5ldDo6U0FNTDIxKjAoBgNVBAMMIU5ldDo6U0FNTDIgU1AgU2lnbmluZyBDZXJ0aWZpY2F0
ZTAgFw0yMTEwMTYxODAwNTlaGA8yMTIxMDkyMjE4MDA1OVoweDELMAkGA1UEBhMCQ0ExFjAUBgNV
BAgMDU5ldyBCcnVuc3dpY2sxEDAOBgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIx
KjAoBgNVBAMMIU5ldDo6U0FNTDIgU1AgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBALJAo+ANmR4YZ+Vxs+NgNSaa1hVZVu6QBx4gN6513ojOrObdYQ3w
7mvMS2gl4Oi5kaEp1QRFLt6otOnbqmZU4aR7EowTTfMm2DQFTujRej1WMfSH1eoOJcVEPWy73B6B
VyRVX3Qjbx8nVh1ok6OhTauNwZPqoxsw26d1zqa8kGk6ormcfsukQuGArxpMKNqNMMfsK92HY4UA
H/1vtPgZ6kPsZzSLhUXgw9fQrsuCUCcn2fFBBR2Ij5lkbwhxgUAsicpqKouxW5nSOW4qsNr0+3pS
/mk5+l5omfiFapx0B9D9Mq8b9DNmRqogBI0LbME3Rl32VxaPThLw95esMwg+8/aId13MkSULR9IA
t/15-evil-nameid-and-email-assertion.t view on Meta::CPAN
use strict;
use warnings;
use Test::Lib;
use Test::Net::SAML2;
use Net::SAML2::Protocol::Assertion;
my $xml = <<'XML_FILE';
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="id-2806f1cc-9ec9-4b70-ae58-e252e58159f1" Version="2.0" IssueInstant="2021-11-26T01:36:44.454Z" InResponseTo="NETSAML2_1d8748c413abe...
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.com/idp</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="id-f58787c2-38e8-4dd4-b2bb-74cad987c88e" Version="2.0" IssueInstant="2021-11-26T01:36:44.454Z">
<saml:Issuer>https://idp.com/idp</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@netsaml2.local<!---->.evil.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2021-11-26T01:53:24.455Z" Recipient="https://netsaml2-testapp.local/consumer-post" InResponseTo="NETSAML2_1d8748c413abe58635d3c8b53b79633a"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2021-11-26T01:35:44.455Z" NotOnOrAfter="2021-11-26T01:53:24.455Z">
<saml:AudienceRestriction>
<saml:Audience>https://netsaml2-testapp.local</saml:Audience>
</saml:AudienceRestriction>
t/15-evil-nameid-and-email-assertion.t view on Meta::CPAN
<saml:Attribute Name="NickName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">パスワードをお忘れの方</saml:Attribu...
</saml:Attribute>
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Tester</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user@netsaml2.local<!---->.evil.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<dsig:Signature>
<dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<dsig:Reference URI="#id-f58787c2-38e8-4dd4-b2bb-74cad987c88e">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>Wj9Mk/JZYSj/oun9jvIh8UUg3esvigRvZiUX+i3/PIs=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>YjRQvTacPUIL83QSUb5dQsDrfn+IrtgIIXjSp45l1n606Q2U6fw83O3Cw6O2gkDOZ5niC+kyI5OS
mET6QQ/+uaPtxPFVk7dFwluMK3rLKsiIUO68jIKO1TWxwT1jhpYo+og/gIPFQkE48GHC91gWfN6T
0senls89yDV+1ytKFiaXBqy/E0hkmxk13+fDLGEs1/C4pfwHiKf4aAtJmxsJ5f1PCZLk0ST1Hp6X
dqbcnU3XbqeskyPGca/iA3d7LrDddl96LkfBB62eNcojv0XwVFxCxfSaFjnLcYSLjNforZf1NdoW
zI9LioK6oIJwgNckhVU22dKXOcdacOYfbfdpgw==
</dsig:SignatureValue>
<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIFuDCCA6CgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCQ0Ex
FjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxHTAbBgNVBAoMFENyeXB0LU9wZW5TU0wt
VmVyaWZ5MTUwMwYDVQQDDCxDcnlwdC1PcGVuU1NMLVZlcmlmeSBTSEEtMjU2IElu
dGVybWVkaWF0ZSBDQTAeFw0yMTA3MDMyMTAyMjRaFw0zMTA3MDEyMTAyMjRaMGcx
CzAJBgNVBAYTAkNBMRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRAwDgYDVQQHDAdN
b25jdG9uMRAwDgYDVQQKDAdYTUwtU2lnMRwwGgYDVQQDDBN4bWwtc2lnLmV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkqxhCTOB2Xx
FxCNWJt0bLWRQva6qOAPKiqlLfgJjG+YY2JaPtpO7WNV5oVqv9F21V/wgOkcQTZZ
QQQl/L/eXlnFpJeSpF31dupLnzrBU29qWjedNCkj+y01sprJG+c++2d2jV8Qccp5
5SklALtXYZ3K5OfILy4dFEqUyW0/Bk7Y/PdrAacAazumdNW2nw/ajbiXbUfm55Qe
t/15-evil-nameid-and-email-assertion.t view on Meta::CPAN
G/adtWAt8zRoejFob8W5aCA36uNoQLvdaMwXYNsJkzDNEmCB6vf3A28bVI+mlnt1
+h3f0bkwxwHP2qYL8RneCL65GG+SWXHIipS/ZA5225mmT1oLo9xKeGK6vBgsOUum
vxDgzmYyeGZYKpACWbOI7lR3C6PMR0oLKManLdb+ymngIk0bKB+Y2gr5cq/zURv8
casiikjZT3MycPRV1AfQ3MYuXg6z4izkcG1U98E9Hr5p1gFsITmaY0aeK01a6xhx
XkWKFTbraDn5ouTVMutW8xaVPU60zpYOcynxtRdgnYdmRR+c9dcD2xQmjtohuLxq
RASCBC9iO7qTYkQvNW+yb63xbPDG05nokAfXpbp5hYVU8FYZHi8qOPtiaWiN9wbt
ijsxDKZEcfiSGH5AEnkoaRCEqvbSNdtlbfYeDEnonsOZi9c+Kdl6A4PvOzTexwmi
KPVgT8evWpQbubENw66vUOTqgkI+Bhbn87e1VELNUy+Uwz2OOcLEVvNkx0owswrH
ujwb1+y1SYnlalLUt7PzEW85RNqVewGsHE8SD/1s70eYNYp7YJwLGPKJfyr3LvSl
0qRfrYNhlewPc1MSVx7IFCZ4Qg+GFhg8TnEELQ==
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature></saml:Assertion>
<dsig:Signature>
<dsig:SignedInfo xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<dsig:Reference URI="#id-2806f1cc-9ec9-4b70-ae58-e252e58159f1">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>CTLVgcRtdRyS0Xj6WtjfYrV3BZkwZFU2cjPXXQln7tI=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>KCOW/WtwKZOrI6x+VzTKOyZ3cRJuUAPMYpsYiATzgCmfhymwORSytVmA+BJ+ZuFK1zxPk88UZJw0
0mj2KBVN635WkFj+zDci79qm6zTwxNRprE6XnF5tSgXQTJH7bS5nIu0jGbSiR6EJVpKS3usDZ8/Z
+tjkp2j/e2qeWDpXKUck8OCLclHkgzRa/sNXdGL20xc80qmVdkLCST+vUP92XUUlNM66EqvlOaHB
wmEgQwfgurTnQPOCdb+Ypm5fvJjYXFrDJDKXY2AHu0LF+fO39Trx2FWjZ27UPH9NW6KOtKrhRtlH
kV7ey4uddrz9t5Y08M12azJQIhgPMAszmVCXiw==
</dsig:SignatureValue>
<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>
MIIFuDCCA6CgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwezELMAkGA1UEBhMCQ0Ex
FjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxHTAbBgNVBAoMFENyeXB0LU9wZW5TU0wt
VmVyaWZ5MTUwMwYDVQQDDCxDcnlwdC1PcGVuU1NMLVZlcmlmeSBTSEEtMjU2IElu
dGVybWVkaWF0ZSBDQTAeFw0yMTA3MDMyMTAyMjRaFw0zMTA3MDEyMTAyMjRaMGcx
CzAJBgNVBAYTAkNBMRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRAwDgYDVQQHDAdN
b25jdG9uMRAwDgYDVQQKDAdYTUwtU2lnMRwwGgYDVQQDDBN4bWwtc2lnLmV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkqxhCTOB2Xx
FxCNWJt0bLWRQva6qOAPKiqlLfgJjG+YY2JaPtpO7WNV5oVqv9F21V/wgOkcQTZZ
QQQl/L/eXlnFpJeSpF31dupLnzrBU29qWjedNCkj+y01sprJG+c++2d2jV8Qccp5
5SklALtXYZ3K5OfILy4dFEqUyW0/Bk7Y/PdrAacAazumdNW2nw/ajbiXbUfm55Qe
t/15-evil-nameid-and-email-assertion.t view on Meta::CPAN
G/adtWAt8zRoejFob8W5aCA36uNoQLvdaMwXYNsJkzDNEmCB6vf3A28bVI+mlnt1
+h3f0bkwxwHP2qYL8RneCL65GG+SWXHIipS/ZA5225mmT1oLo9xKeGK6vBgsOUum
vxDgzmYyeGZYKpACWbOI7lR3C6PMR0oLKManLdb+ymngIk0bKB+Y2gr5cq/zURv8
casiikjZT3MycPRV1AfQ3MYuXg6z4izkcG1U98E9Hr5p1gFsITmaY0aeK01a6xhx
XkWKFTbraDn5ouTVMutW8xaVPU60zpYOcynxtRdgnYdmRR+c9dcD2xQmjtohuLxq
RASCBC9iO7qTYkQvNW+yb63xbPDG05nokAfXpbp5hYVU8FYZHi8qOPtiaWiN9wbt
ijsxDKZEcfiSGH5AEnkoaRCEqvbSNdtlbfYeDEnonsOZi9c+Kdl6A4PvOzTexwmi
KPVgT8evWpQbubENw66vUOTqgkI+Bhbn87e1VELNUy+Uwz2OOcLEVvNkx0owswrH
ujwb1+y1SYnlalLUt7PzEW85RNqVewGsHE8SD/1s70eYNYp7YJwLGPKJfyr3LvSl
0qRfrYNhlewPc1MSVx7IFCZ4Qg+GFhg8TnEELQ==
</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
</dsig:Signature></samlp:Response>
XML_FILE
my $assertion = Net::SAML2::Protocol::Assertion->new_from_xml(xml => $xml);
isa_ok($assertion, 'Net::SAML2::Protocol::Assertion');
is($assertion->in_response_to, 'NETSAML2_1d8748c413abe58635d3c8b53b79633a', 'In response to is correct');
is(scalar keys %{ $assertion->attributes }, 4, "Found four attributes");
is(scalar @{ $assertion->attributes->{EmailAddress} }, 1);
is(scalar @{ $assertion->attributes->{NickName} }, 1);
t/17-lowercase-url-escaping.t view on Meta::CPAN
use Test::Lib;
use Test::Net::SAML2;
use Net::SAML2::Binding::Redirect;
use File::Slurper qw/read_text/;
my $url = <<LOWERCASE;
https://netsaml2-testapp.local/sls-redirect-response?SAMLRequest=fVLLTsMwELzzFVXuTuJHGsdqIyHgUAk40IoDF7R1NhAptaOsI%2fh83FQ9VKL1xa%2bdnd2ZXREc%2bsE8%2by8%2fhTekwTvCxeZxnXyKogJbNZKh5S0rASsmcQkMlJUCJKAEldwt%2fl3vOFLn3ToRaX4tZkM04cZRABdiYC4EyzXLlzsuTVEYr...
LOWERCASE
my $redirect = Net::SAML2::Binding::Redirect->new(
key => 't/net-saml2-key.pem',
url => 'https://netsaml2-testapp.local/sls-redirect-response',
param => 'SAMLRequest',
cert => read_text('t/net-saml2-cert.pem'),
sig_hash => 'sha256',
);
t/20-path-only-redirect.t view on Meta::CPAN
2ja3g7G7LiOJGvzZSIOFr50baebsoJNRwL2GDfYUTM1SWDz4UHnGebsme5TTmzjV
O3YEvnOMTtVC6/fYYdouAqIJ+cTmmF3Cxd/tOr5fkaPscB0x0+zqWqgBZLo0FVEC
DMt+DYk1HaQJPxsAXGahUmIIpfIKO7AUx5tD74PR8XeHWyL0w8jg1h8nVtc49P7h
08SzmSFY0phJ9plLpSubCsd/1KMPOJ0Dh7kYEaOJOOWwjLggiho5N4KBytpts6HI
jmPlKvV7UJEAmQykuhO6PyFfGjwXxpYRTtGa3fZQqu6BztRHDSZQfc+K08VTmAjr
iw==
-----END CERTIFICATE-----
CACERT
my $uri = << 'REDIRECT_FULL';
https://netsaml2-testapp.local/sls-redirect-response?SAMLResponse=jVJda%2BswDP0rxe%2BpXefDiUkKl9sNCtse1rKHvQzZUe5CXTtEDtv%2B%2FdJ2gw3GuG8SOudIR1JNcHSDvgn%2FwhTvkYbgCRevR%2BdJn0sNm0avA1BP2sMRSUerd39ub7RcCj2MIQYbHLtQfgcDEY6xD559afDflA1S7D2ckoY9xziQ5txj...
REDIRECT_FULL
my $redirect = Net::SAML2::Binding::Redirect->new(
cert => $cacert,
param => 'SAMLResponse',
);
my ($response, $relaystate) = $redirect->verify($uri);
like($response, qr/urn:oasis:names:tc:SAML:2.0:status:Success/, "Full URI is correct");
$uri = << 'REDIRECT_URI';
/sls-redirect-response?SAMLResponse=jVJda%2BswDP0rxe%2BpXefDiUkKl9sNCtse1rKHvQzZUe5CXTtEDtv%2B%2FdJ2gw3GuG8SOudIR1JNcHSDvgn%2FwhTvkYbgCRevR%2BdJn0sNm0avA1BP2sMRSUerd39ub7RcCj2MIQYbHLtQfgcDEY6xD559afDflA1S7D2ckoY9xziQ5txjPInIJM5VGIalCxYcJ0fJiG0%2Foo1z...
REDIRECT_URI
$redirect = Net::SAML2::Binding::Redirect->new(
cert => $cacert,
param => 'SAMLResponse',
);
($response, $relaystate) = $redirect->verify($uri);
like($response, qr/urn:oasis:names:tc:SAML:2.0:status:Success/, "Path only URI is correct");
$uri = << 'REDIRECT2_URI';
SAMLResponse=jVJda%2BswDP0rxe%2BpXefDiUkKl9sNCtse1rKHvQzZUe5CXTtEDtv%2B%2FdJ2gw3GuG8SOudIR1JNcHSDvgn%2FwhTvkYbgCRevR%2BdJn0sNm0avA1BP2sMRSUerd39ub7RcCj2MIQYbHLtQfgcDEY6xD559afDflA1S7D2ckoY9xziQ5txjPInIJM5VGIalCxYcJ0fJiG0%2Foo1zcHHFFttNw7abp3K1KsoUTVK...
REDIRECT2_URI
$redirect = Net::SAML2::Binding::Redirect->new(
cert => $cacert,
param => 'SAMLResponse',
);
($response, $relaystate) = $redirect->verify($uri);
like($response, qr/urn:oasis:names:tc:SAML:2.0:status:Success/, "Parameters only URI is correct");
$uri = << 'REDIRECT3_URI';
?SAMLResponse=jVJda%2BswDP0rxe%2BpXefDiUkKl9sNCtse1rKHvQzZUe5CXTtEDtv%2B%2FdJ2gw3GuG8SOudIR1JNcHSDvgn%2FwhTvkYbgCRevR%2BdJn0sNm0avA1BP2sMRSUerd39ub7RcCj2MIQYbHLtQfgcDEY6xD559afDflA1S7D2ckoY9xziQ5txjPInIJM5VGIalCxYcJ0fJiG0%2Foo1zcHHFFttNw7abp3K1KsoUTV...
REDIRECT3_URI
$redirect = Net::SAML2::Binding::Redirect->new(
cert => $cacert,
param => 'SAMLResponse',
);
($response, $relaystate) = $redirect->verify($uri);
like($response, qr/urn:oasis:names:tc:SAML:2.0:status:Success/, "Parameters only begin with '?' URI is correct");
t/21-artifact-response.t view on Meta::CPAN
use Test::Lib;
use Test::Net::SAML2;
use Sub::Override;
use Net::SAML2::Protocol::LogoutResponse;
use Net::SAML2::Protocol::Artifact;
use Net::SAML2::Protocol::Assertion;
use URN::OASIS::SAML2 qw(:urn);
my $artifact_assertion_response = << 'ASSERTION_RESPONSE';
<samlp:ArtifactResponse xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="ID_78cb9be7-12e9-4457-990f-b0ab4fb63f9f" InResponseTo="NETSAML2_7aaf00ca84...
ZKC4eQWtRMFui3jzHS3Py+L7Jj15z4sjP7wURLBhxAv4tkYxNK8BAka/JjaZOz1VbhcuYcSTzCCm
ypJaSLWIQTj+SgCJvsX22vJ71q1pRgfcSeD2bAIEVdqqCvCBpMoRMoMzAMQchJ7yertoQso/9pAV
LOu+fF4C1UARuKjzFdFT2tkUigW4LvAK4XaQzPRhHVjWO1z+t9XeA0qkMUMCMiSNzRSvQb3DB9XV
tmjFOE3ajs92hg65EC7ByJ8ze+wk41c5ua0xEA==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIICnTCCAYUCBgGEmFcmeDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdGb3N3aWtpMB4XDTIy
MTEyMTAzNTczOVoXDTMyMTEyMTAzNTkxOVowEjEQMA4GA1UEAwwHRm9zd2lraTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJeeWUPyhuxoA0S7tWF5eG18l5cSZYXjbH2eoa6bXNJB1h2L
1Bmi5a14DVSPQETeUo/l9yzOdpp23ngCvROue0uwg4fNTqdOECOYjIgFuDTwRAtvFoKXZ1He8AD6
OlgwP/k2ne85NxQ+rCt/bxrJ2b8J57J0FjphfHVJcgTZEu8fmahkO6sYYiURb65mVzR9I7Sq9W1t
DGrCIup7h9kYi+xDcAjVreZboYqpiL/ElqJGYkp12PXfx/RFsswu7ICCjjIK7WyuqvSrdzW0vHgL
ZmaVe+KzE80Ig3VAsO4lbCBs8JHS6CkmHc48kfiC2qmiBfE1WVA2tmiGSCo3URbg6VUCAwEAATAN
BgkqhkiG9w0BAQsFAAOCAQEAbridXRbw3WeKUyeR8o5IzdEtO8j+vw6jCd2lBHLEi2sPpHhi6+Lj
cQ+haqALCB2dknuBQHt3HBo/U9cRFBa5xA5z0Do06CsrZ2czks3icXYkCzVCOtCvbj/79Vo3JLoV
ifX+rLEYlxhKVaVhFslwSoS59kFwuMAo73szhW0C8HLtWDN0yrS/XDw1Nidesx+AmDEr/K5ofgKa
H/zExdQG7RcrAeHGswluWrEd43wLuX1UpIp6CLsrVSGwDQNCsgZATXbiyYS3RNhQeAW7hW9aJuG+
tqFxJ4u+6crHsA/FLZ2XVquRHx5dClGa9i9aPaK6Q7V9fo9KpgCBCAShpBabNA==</dsig:X509Certificate></dsig:X509Data><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>l55ZQ/KG7GgDRLu1YXl4bXyXlxJlheNsfZ6hrptc0kHWHYvUGaLlrXgNVI9ARN5Sj+X3LM52mnbe
eAK9E657S7CDh81Op04QI5iMiAW4NPBEC28WgpdnUd7wAPo6WDA/+Tad7zk3FD6sK39vGsnZvwnn
snQWOmF8dUlyBNkS7x+ZqGQ7qxhiJRFvrmZXNH0jtKr1bW0MasIi6nuH2RiL7ENwCNWt5luhiqmI
v8SWokZiSnXY9d/H9EWyzC7sgIKOMgrtbK6q9Kt3NbS8eAtmZpV74rMTzQiDdUCw7iVsIGzwkdLo
KSYdzjyR+ILaqaIF8TVZUDa2aIZIKjdRFuDpVQ==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:S...
ASSERTION_RESPONSE
my $artifact_logout_response = << 'LOGOUT_RESPONSE';
<samlp:ArtifactResponse xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="ID_7dd3a831-57e9-409e-873e-eb4730ed8392" InResponseTo="NETSAML2_209c37a48a...
cClAeaHcn419fdNJXEX7dhcx36rLA4xKV8JHNuvjoKbb31D5DQAsE2YH4qqoy3SQr5FiLRfGdnTj
6F0CN73BjecaoxgiV+5ajS5YwHHDirolRbHQdWVC6KFqlfpqSv743bbZhBThjVBxeyKCpmFaGnZM
JM/UQbY7aPe1yqnbATvEcj+9N25Q7+RDNIxVnjXIq2FzNXE12PbUm/gMW1hBbGtH59CEvs0xOuB5
v+kSGB6yVS3Odz5m4wFvtK4ABuLMQmKqDb3TXw==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIICnTCCAYUCBgGEmFcmeDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdGb3N3aWtpMB4XDTIy
MTEyMTAzNTczOVoXDTMyMTEyMTAzNTkxOVowEjEQMA4GA1UEAwwHRm9zd2lraTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJeeWUPyhuxoA0S7tWF5eG18l5cSZYXjbH2eoa6bXNJB1h2L
1Bmi5a14DVSPQETeUo/l9yzOdpp23ngCvROue0uwg4fNTqdOECOYjIgFuDTwRAtvFoKXZ1He8AD6
OlgwP/k2ne85NxQ+rCt/bxrJ2b8J57J0FjphfHVJcgTZEu8fmahkO6sYYiURb65mVzR9I7Sq9W1t
DGrCIup7h9kYi+xDcAjVreZboYqpiL/ElqJGYkp12PXfx/RFsswu7ICCjjIK7WyuqvSrdzW0vHgL
ZmaVe+KzE80Ig3VAsO4lbCBs8JHS6CkmHc48kfiC2qmiBfE1WVA2tmiGSCo3URbg6VUCAwEAATAN
BgkqhkiG9w0BAQsFAAOCAQEAbridXRbw3WeKUyeR8o5IzdEtO8j+vw6jCd2lBHLEi2sPpHhi6+Lj
cQ+haqALCB2dknuBQHt3HBo/U9cRFBa5xA5z0Do06CsrZ2czks3icXYkCzVCOtCvbj/79Vo3JLoV
ifX+rLEYlxhKVaVhFslwSoS59kFwuMAo73szhW0C8HLtWDN0yrS/XDw1Nidesx+AmDEr/K5ofgKa
H/zExdQG7RcrAeHGswluWrEd43wLuX1UpIp6CLsrVSGwDQNCsgZATXbiyYS3RNhQeAW7hW9aJuG+
tqFxJ4u+6crHsA/FLZ2XVquRHx5dClGa9i9aPaK6Q7V9fo9KpgCBCAShpBabNA==</dsig:X509Certificate></dsig:X509Data><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>l55ZQ/KG7GgDRLu1YXl4bXyXlxJlheNsfZ6hrptc0kHWHYvUGaLlrXgNVI9ARN5Sj+X3LM52mnbe
eAK9E657S7CDh81Op04QI5iMiAW4NPBEC28WgpdnUd7wAPo6WDA/+Tad7zk3FD6sK39vGsnZvwnn
snQWOmF8dUlyBNkS7x+ZqGQ7qxhiJRFvrmZXNH0jtKr1bW0MasIi6nuH2RiL7ENwCNWt5luhiqmI
v8SWokZiSnXY9d/H9EWyzC7sgIKOMgrtbK6q9Kt3NbS8eAtmZpV74rMTzQiDdUCw7iVsIGzwkdLo
KSYdzjyR+ILaqaIF8TVZUDa2aIZIKjdRFuDpVQ==</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:S...
LOGOUT_RESPONSE
my $override = Sub::Override->override(
'Net::SAML2::Protocol::Assertion::valid' =>
sub {
my ($self, $audience, $in_response_to) = @_;
return 0 unless defined $audience;
return 0 unless($audience eq $self->audience);
t/25-verify-authn-post-sign_xml.t view on Meta::CPAN
my $post = $sp->sp_post_binding($idp, 'SAMLRequest');
my $signed = decode_base64($post->sign_xml($authn));
my $dom = XML::LibXML->load_xml( string => $signed );
my $parser = XML::LibXML::XPathContext->new($dom);
$parser->registerNs('saml2p', 'urn:oasis:names:tc:SAML:2.0:protocol');
$parser->registerNs('saml2', 'urn:oasis:names:tc:SAML:2.0:assertion');
$parser->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
ok($parser->exists('//dsig:Signature'), "The XML is now signed");
done_testing;
t/data/digid-anul-artifact-response.xml view on Meta::CPAN
<?xml version="1.0"?>
<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_5ede0a3002fb0efe627efc...
<saml:Issuer>https://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_5ede0a3002fb0efe627efc4bf3a076b7a3810a80">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>value here</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>some sig here</ds:SignatureValue>
<ds:KeyInfo>
t/data/digid-live.xml view on Meta::CPAN
<?xml version="1.0"?>
<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_7667e303c2457eae23023e...
<saml:Issuer>https://some.idp.tld/saml/idp/metadata</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_7667e303c2457eae23023e10a9f8d22c47eed001">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
</ds:SignatureValue>
t/data/digid-live.xml view on Meta::CPAN
<samlp:Response ID="_824e2af075f407300cc16718bef3cff2af56860e" Version="2.0" IssueInstant="2023-03-29T14:45:41Z" InResponseTo="NETSAML2_d30c7b67c92a1aa880ddd72696fc2a69d8b04899bdcefb55d01ffd4a1495f2d2">
<saml:Issuer>https://some.idp.tld/saml/idp/metadata</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="_be45c8d0431bc0b79600b48e6b21cb4f4d3b39a3" Version="2.0" IssueInstant="2023-03-29T14:45:41Z">
<saml:Issuer>https://some.idp.tld/saml/idp/metadata</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_be45c8d0431bc0b79600b48e6b21cb4f4d3b39a3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
</ds:SignatureValue>
t/data/eherkenning-assertion.xml view on Meta::CPAN
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchem...
<saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:9619</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_18092d41-6cef-35f7-9b9d-ec8d77fd3913">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>iPHX4LfXJBeL6RObZuKwo7vgsbvmAOUyYN/POoNUx8Y=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
</ds:SignatureValue>
t/data/eherkenning-assertion.xml view on Meta::CPAN
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" ID="_d144ac7b-d9eb-3e6a-af74-239b04407bb6" IssueInstant="2020-06-02T11:48:07Z" Version="2.0">
<saml:Issuer>urn:etoegang:HM:00000003244440010000:entities:9619</saml:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_d144ac7b-d9eb-3e6a-af74-239b04407bb6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>UFN6McXkDimtt1FJGAbspTnn5QKR35LlZhP1pCWjkEU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
</ds:SignatureValue>
t/data/eherkenning-assertion.xml view on Meta::CPAN
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2020-06-02T11:48:07Z" NotOnOrAfter="2020-06-02T11:53:07Z">
<saml:AudienceRestriction>
<saml:Audience>urn:etoegang:DV:00000003519026720000:entities:9009</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:Advice>
<saml:Assertion ID="_a4f31bdc-27fa-4461-8e20-44abe182152d" IssueInstant="2020-06-02T11:48:03.9411148Z" Version="2.0">
<saml:Issuer>urn:etoegang:AD:00000003244440010000:entities:9133</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_a4f31bdc-27fa-4461-8e20-44abe182152d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>F61t0hX1txbsS3JTZcjl6ZkdJzUK5HKIipmWlIGGWdw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<KeyName>AE656D09EFED8D18D2B70DD97D98DF49271F98C8</KeyName>
t/data/eherkenning-assertion.xml view on Meta::CPAN
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_e99996ed43274d6d988dd5593584827b"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>yyMyf9c+UOG+/gDXlxtGM5DvaD5LpotkB38qHMDys7YW3tpCdCPdLZK6M3HfQ3l6PnpoXb5/xiHHFmM4TNqRbSfFCizzj0OV4K0eEeGH3OTMY4CoqqdIrGq4i8qaAnS0jrkUKfc1rOkJ2+rS/G+tgTLOet0KL/8w5NYKlq6bIm698cIAjH88ct+tnfb/UFmpq3xGCusZTicTTGydfkXT...
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_e99996ed43274d6d988dd5593584827b" Recipient="urn:etoegang:MR:00000003244440010000:entities:9133">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>AE656D09EFED8D18D2B70DD97D98DF49271F98C8</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>QWMl8nT4yIt7RjUZ5dIwqcw7se3Q85uutNBxostCdjC+mlef3YDmAWIs4cfAV6nb7ryzDMtlQ2yuEnhHmiXt3FBUh72gMEO8lYqMrWOGyhjCbBoXSpYhdpcdmsoAPF1EZ/RX0PAXw1RR5Xi7LLj+GIfywqTIVR0xdLTosGu8Gc5tpur/4EWGhlFDUyTOAXIWhpMMyFzhxsneGICaQKrZ...
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_6742612ee64e460cac2859adec05904c"/>
</xenc:ReferenceList>
t/data/eherkenning-assertion.xml view on Meta::CPAN
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ServiceUUID">
<saml:AttributeValue xsi:type="xs:string">b2ba62a6-419c-4331-8fbb-40c7b589978d</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<saml:Assertion xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" ID="_4b15fbf16a5241a48d26e33332f3c248" IssueInstant="2020-06-02T11:48:06.9118579Z" Version="2.0">
<saml:Issuer>urn:etoegang:MR:00000003244440010000:entities:9133</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_4b15fbf16a5241a48d26e33332f3c248">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>NUIN4q0Eh/F56lBBwmwqWaU3fw05xuxXw9wazTNOxN8=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>p/mblPBRP9HpApQDeHjHYJDruakuvb9aFyXLuoLUtFhyN2K2R29I2P4z7h8I0TBSOybh3dTH1EeTV082RFFoDgif/bQm9SwMlVDcIVWGfHucw4fEAI81LD0P+yphSnrIpgNOeU5CVqzEFVG6YqmDWL3FerSvqq2daTQhTSFK0IGJExBcVn5TvZaAGOBgPfZ+b4hc59LpQh8AMyl2L9w2fxdoRXVVw0W/...
<KeyInfo>
<KeyName>AE656D09EFED8D18D2B70DD97D98DF49271F98C8</KeyName>
</KeyInfo>
t/data/eherkenning-assertion.xml view on Meta::CPAN
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_274393f79fcd4cc9a961cb34c72e5c3f"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>1ieYHlvke4/6DoSixe+fDW7HnWYaxj0mvyg8Aemy0OLGsQ3gAaUSONiJG234inYO3P7rdzXCKIN3eAZxleUTULUxeu8jec8GnDw9AMPcZBityjrXWit3B4QojDLNUPtoCNwBTRK5aXKJlRrNpfQh+XkmOEQNypKhz2tkaxOS95dpp14NBqXA1qWNJG5wMnlpSsXnD8I/twNwHhKO...
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_274393f79fcd4cc9a961cb34c72e5c3f" Recipient="urn:etoegang:DV:00000003519026720000:entities:9009">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>0c899435b6148eefc6d88edac227f2fb</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>d4RFZXIU0Gha7pQI7jsgJ7NsA0gEX9tCx42CMT0smh57oVLtU8aERm9zvY+035vEutnYWJd0sTmiJcoYPGMCfVu5hutV3LB/AsulVdJD9k/dpeSVEJGZgaruy4D1mNnyzpd6oWOxQsZf6tSs+J5Newp4biDaVljrT6NY9aUnJ3UGYa0MdfSJ/lK9r3eMlIeDrUZRwyWF1L6OxBsj...
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_c84d8c57eb764df6a67fd65bf7ee4cd1"/>
</xenc:ReferenceList>
t/data/eherkenning-assertion.xml view on Meta::CPAN
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo>
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_c88061b5c14e4636a57532ee6c6c2c7d"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>bqBbVcdRrtgYD4Qf8cSi00zYHdGMZYIpRdiRWRXWAy76WFyzJonDgyYgD83nk23WLolNnWj6S9faWeQopQIX5UmP76ZGLs8kYUO3exb4HLTAEx0loAqBKoVFqIA+POXLTfTIbsabcnlrMCjvBn+bktulGS2VPMbZQXqN4cUUYmzanU82VEJO0vr9Qv4DjQnAlu7Vr8ZJ04MzlOWO...
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_c88061b5c14e4636a57532ee6c6c2c7d" Recipient="urn:etoegang:DV:00000003519026720000:entities:9009">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:KeyName>0c899435b6148eefc6d88edac227f2fb</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>NAM/w4SL/49JcxfmKyadrd4JUwI0PZXYrcbQo3SKgkuOFdO0J5tFa2JnVQ/coBUIR2qQ+PTB5Gmq6oIE62G0UAmH5wokXzOvte6CIJEaQPNohMy4xJN4Hmia6sedQRPMcIhKPhiyOE0p2mxXVzwGckLWcJOdlrxOM4r1m8OBG7ecgdxus1KAOQTCT2ww4wNr71onS0qMO9Jubh5Y...
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_269cdc44b6c34f60ab56c4178b8bd778"/>
</xenc:ReferenceList>
t/data/eherkenning-decrypted.xml view on Meta::CPAN
<saml2p:ArtifactResponse xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xacml-saml="urn:oasis:xacml:2.0:saml:assertion:schema:os" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_219efecacf86930...
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:etoegang:HM:00000003244440010000:entities:9713</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_219efecacf869301bd82c1f9dd144523">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml xs xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>gtrVvmWsURaqysca0hkqaIlsrbLS2AI98M2E/E3qyZ4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qQy7XZqnnOZA83sXnXDTovux7Ofw4GQu0ierrIrbMKoFN/yj276RU2G/7l943b0nXmjvAPFCtxxxWEUxQT5EFdCj9PcPLivExUgVcx9lWYeCpSNXUKC0Fh8a+80qgcSIIfJFwXs1SeH+UtrHqpW0eCQR4Kx4Fofq5lVIkZE7CzBzlMgB/qtwQ3cPUhzzG+SiFJKvQhmg79nwXgjOPACJ0t9XMLbQnG8joYP...
<ds:KeyInfo>
<ds:KeyName>e927ec25c5a680fdd3d1d1b4bf69f47de614c9bc1c2066b0f665f7e12f21d68d</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2p:Response Destination="https://test.zaaksysteem.nl/auth/saml/consumer-artifact" ID="_3e6519c92c9b4c529706de01b9afa604" InResponseTo="_d8230c16a9e8386d6ddca7d98867350615e59dc0" IssueInstant="2023-06-18T15:02:56.414Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:etoegang:HM:00000003244440010000:entities:9713</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_3e6519c92c9b4c529706de01b9afa604">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml xs xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>46mGbiW9XW5u2I0Ze2lvX8u0T9Y6lgx/RUmlXFZFddE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>kHPVgEp/KtmEy4NlPNI7em5jMzOLuMhKdAUbI+DfEOnZsH+1zCNqx32qIWOWekFUGHQKLOedWwEBBF8yh5+7fNn0MaHjaF2QzIL/6J6P2x22Fqb/th8PwOA0m8a8wtGBO5EYg5MSwr7FnXUuLUF2p7C/9OlNjpdYX7gn4wIGRZKMHo5KUk8gAJ+ckOs9Epfc0z1OQlUgifvbttmaX/JaUHn0Mcs7bm19o...
<ds:KeyInfo>
<ds:KeyName>e927ec25c5a680fdd3d1d1b4bf69f47de614c9bc1c2066b0f665f7e12f21d68d</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b54c18c05c904109ba908b08dcd6c5d2" IssueInstant="2023-06-18T15:02:56.456Z" Version="2.0">
<saml2:Issuer>urn:etoegang:HM:00000003244440010000:entities:9713</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_b54c18c05c904109ba908b08dcd6c5d2">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml xs xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>5D65isR15efftrsJAl2Qty2jWPHKOtxuse3V/MO8cYI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Iz1/cNxrpohvAlVy0dnSdRUM7PLdlY5glURjgU7H4MBF2s2t2KAqfRA6kPs2tZwNTGW1MpAIKcsxZmMAfLuEORCTS+kNgrF2juwLFpNeH3TgSkoXkgmkBWyx+FRiIoeT1TWgDJVZu8bg9KFxcU1dkcEqPQ8OMkjrJION/x5kq/Ao7ieVhEREXAIPLgSfU2zbz55Biby9FoX6w8eZGQDy+Q1iRLZ3qD4...
<ds:KeyInfo>
t/data/eherkenning-decrypted.xml view on Meta::CPAN
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2023-06-18T15:02:51.456Z" NotOnOrAfter="2023-06-18T15:04:56.456Z">
<saml2:AudienceRestriction>
<saml2:Audience>urn:etoegang:DV:0000000398765432100000:entities:9009</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:Advice>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s273cee5425e2f5382c41826d20b098eba4696c0cf" IssueInstant="2023-06-18T15:02:48Z" Version="2.0">
<saml:Issuer>urn:etoegang:AD:00000001234567890000:entities:9113</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#s273cee5425e2f5382c41826d20b098eba4696c0cf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>/kVaI5+1TP5Cn7fYanEW7qluIRahX0aCoUteY+G8h9s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>B7UHz/59RCPNI/wT3zubxSFVVljaBF9s4W0Fz0DY6n43ULnTd1hYe1IPCKllqkEjbeqzDwQ+Y/u8ryUcZziUWRdECYkv8nOToPqhfR/xle60SASVNBqkPqh+N3E2azWF1bn2Y2TdOynwY+dS1dqZco+uusxnHUPWCQq2qC+LgGaLJXkCnG1jyidUMZU4ABwpttS+ymQnnuFCcdsiLPyW7qyCp7W...
<ds:KeyInfo>
<ds:KeyName>43005cb6118b950cbc6664945cec888debc594a0</ds:KeyName>
</ds:KeyInfo>
t/data/eherkenning-decrypted.xml view on Meta::CPAN
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">b2ba62a6-419c-4331-8fbb-40c7b589978d</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:AuthorizationRegistryID">
<saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:etoegang:MR:00000001234567890000:entities:9113</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="urn:etoegang:core:ActingSubjectID">
<saml:AttributeValue>
<saml:EncryptedID>
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_a53dd1244ead4093a92af6b71711fde2" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_09149aedaa38412a88fa58265473b782"/>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>RjKMkoJN6X3nnZ2lc7DkbusNScDMOodogH5gug1m5t8aOAvvThxlO78pj7Bn0hc8jv33B2n2YZ9Y/lZoC4DMf5tB9ENg9r4wGOuUBcxboJWjMcQO3n0Tmp7kkEiJq6LEOHvxmosIEVPE1jPG6mSmlCczmhzRITMT0yaP7ojIUYCia4zkaUsAq8LVuy1DKQgi0j5QK8IzxZJMClY+8/...
</xenc:CipherData>
</xenc:EncryptedData>
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_09149aedaa38412a88fa58265473b782" Recipient="urn:etoegang:MR:00000001234567890000:entities:9113">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>43005cb6118b950cbc6664945cec888debc594a0</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>I+fT7rI7bWEQfPaXzwwQAvfaiTYoRlkMYQRN1f8jz5aBTzzPvscKta3ZV7WD7oT5av6vDRjAm4ojh9sREGsWWBxcVwPxzrXj9sDiVg2m7rIJcnosdjrm9uugwjWnbyrR44ZFRoQ0uHEuUHK1JgK69eLbFWRMqT/nykpVgfbTXinNLWHDKegIgVgq3X6jYwTcT0tasDZ2GM8rVF9nVg...
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_a53dd1244ead4093a92af6b71711fde2"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml:EncryptedID>
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<saml2:Assertion ID="_1552dc764398cc35498ed317c71e539f" IssueInstant="2023-06-18T15:02:54Z" Version="2.0">
<saml2:Issuer>urn:etoegang:MR:00000001234567890000:entities:9113</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_1552dc764398cc35498ed317c71e539f">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xacml-saml"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>07vkS10NaXh8xvTbG6qVde+TkN1+PkTF67DuklCn0y4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>eZicCWn1aZ6mwQ5af05SmQA2cvLIGnwX5P3vr3WGsOkqOTBar+QVWwFxmur58TntSVpzKTgW4YEpIsbvQqURIjC8g53Lr0bHvROQMF4ZG1+uNHZ83BC2rtIqQ1oqhDr6h3gKBs2QKB8n2GscwBDq/NGuoOEL+h4+OMSfFMpkDbfhoEIvk2ox7dGdh3IJKlpN4Hd3UKRoImoJkw7BO1EbLNBcWms...
<ds:KeyInfo>
t/data/failed-assertion.xml view on Meta::CPAN
<samlp:StatusCode Value="main status">
<samlp:StatusCode Value="sub status"/>
</samlp:StatusCode>
<samlp:StatusMessage>Authentication Failed</samlp:StatusMessage>
<samlp:StatusDetail>
<Cause>org.sourceid.websso.profiles.idp.FailedAuthnSsoException</Cause>
</samlp:StatusDetail>
</samlp:Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0024c3a6-3b4e-4920-8c59-0602ae4a3c5d" IssueInstant="2018-07-25T08:02:24.341Z" Version="2.0">
<Issuer>http://adfs.dev.mintlab.nl/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_0024c3a6-3b4e-4920-8c59-0602ae4a3c5d">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>/UGIkccgX9xPwusXApqxm7KDyLpgx7W/tp6gANTvNsw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate/>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_c217d2c8502884bf418552907827f430d745fa6c" NotOnOrAfter="2018-07-25T08:07:24.342Z" Recipient="https://testsuite.zaaksysteem.nl/auth/saml/consumer-post"/>
</SubjectConfirmation>
</Subject>
t/data/idp-metadata-multiple-invalid-use.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2?idpid=C01nccos6" validUntil="2022-04-20T00:56:59.000Z">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAVuOAyTCMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTcwNDIx
MDA1NjU5WhcNMjIwNDIwMDA1NjU5WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsziYPBZSqLzs5pFfoZPTVyoHwM4fmI9qQIScWJB0435ss5HDRDKBTvO8rg2sGbfM
SYVINLvesTeTNkPkMfoSplne6uWjAWkoskvls+0bzp8jAXb+UJ1cZplQxhWW25TsEcpcMX+p4J0v
/syO9lyDubNSpchPGIuzitKXdwFkgcOiCFk+01MF3COKaO6HoLr5Jqf7I6qjJy72h3ZC7rGUtwjC
t/data/idp-metadata-multiple-invalid-use.xml view on Meta::CPAN
cCFcWaVh/mljxD/V20VNMAlzN8VXM/WjbBSAePS30VRF6xXlzwIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQAKxc4M+il/bQQcmm/JNKF5ypeC0YH+oRjSwec84pznP2qqjWosR2uR9hL6CN2dOZU/uCaX
1nZviGIlsw9n7JUEfxMs4azYWfdTz7C7l9x6HpF/QK5NwBe1z3iPZAiKR8hBqt7IeN3nlT4RsaMr
0E9UbG5pimxEG0uves5BoHS+3Xfb8sd33dNRyCm22nb2wWGG+jTKy2G8/24gHB2c0X6/AiD3dZbY
qf7pFRWrXefkMaUMaCMnQh+owjjxVNEAAQ8QU/2Hwhz6pR0eEGL6UwWufJX8uSGaxqn+397MdrI4
CE0gQAZXrB1L3PU9tdyiap2hWQPo8T2STpOtvcovFPHs</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAWj+rlteMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTkwMjE4
MDMzNzQ1WhcNMjQwMjE3MDMzNzQ1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAubE4/cl70Lc2f7VV+ZJyzYIzuAMj6ejlbtRnym2kgyYjaaO0MVU/r38oRC7UqdQI
XwA0/S1Eu0k6EYcCUiyTGWz3HKv/OSOSnSDpN4wEWaZbmJYvu8SjWZQCVdcM4fx1kzrtE+LEBTOK
gj0k2G1qUMNI7xaqiJONO9aIeCic5zbACNpc+IOZoRS4RaY5Ie7W1ZIXAJ0xWL3snVdqklaJzzU2
t/data/idp-metadata-multiple-signing-azure.xml view on Meta::CPAN
<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor ID="_0e7dc0f5-bee7-46b8-a605-6ea4c23ce815" entityID="https://sts.windows.net/239f867f-feea-452e-a800-6859e696161c/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="#_0e7dc0f5-bee7-46b8-a605-6ea4c23ce815">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>AYMN+ZKX6XetDQthwoDn4kj2YyHnpIm010VDv6V0f84=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>siwl9DYiwerA7RdO9K/PGz2goeiH3sezKbSMVuIUWAc1forZMKCv4hGIt4s5rgJLDo63qqd5lYS+U2tR47/jwIzA8UNtP5P8pchV/p/WXzIq8obzDpe3P9ysMxD5IgpE1E/mILM/+JuINzxXD/YrdW70K5vqUvUo7lKLPyAo+I7SX1x4abUBfs8u+X8dATpKCiFZyan0bxydRD2GjqHEkhMbonHHULnWHk...
<KeyInfo>
<X509Data>
<X509Certificate>
MIIDhTCCAm2gAwIBAgIJAJZ1R0cT7w9TMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFTATBgNVBAMMDDE3Mi4xOS4zLjEwNTAeFw0yMTAxMjgxMTUzMzhaFw0yMjAxMjMxMTUzMzhaMFkxCzAJBgNVBAYTAl...
</X509Data>
</KeyInfo>
</Signature>
<RoleDescriptor xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/2...
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIIDhTCCAm2gAwIBAgIJAJZ1R0cT7w9TMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFTATBgNVBAMMDDE3Mi4xOS4zLjEwNTAeFw0yMTAxMjgxMTUzMzhaFw0yMjAxMjMxMTUzMzhaMFkxCzAJBgNVBA...
</X509Data>
</KeyInfo>
</KeyDescriptor>
<fed:ClaimTypesOffered>
<auth:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706">
<auth:DisplayName>Name</auth:DisplayName>
<auth:Description>The mutable display name of the user.</auth:Description>
t/data/idp-metadata-multiple-signing-azure.xml view on Meta::CPAN
</wsa:EndpointReference>
</fed:SecurityTokenServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://login.microsoftonline.com/239f867f-feea-452e-a800-6859e696161c/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<RoleDescriptor xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200...
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIIDhTCCAm2gAwIBAgIJAJZ1R0cT7w9TMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFTATBgNVBAMMDDE3Mi4xOS4zLjEwNTAeFw0yMTAxMjgxMTUzMzhaFw0yMjAxMjMxMTUzMzhaMFkxCzAJBgNVBA...
</X509Data>
</KeyInfo>
</KeyDescriptor>
<fed:TargetScopes>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://sts.windows.net/239f867f-feea-452e-a800-6859e696161c/</wsa:Address>
</wsa:EndpointReference>
t/data/idp-metadata-multiple-signing-azure.xml view on Meta::CPAN
</wsa:EndpointReference>
</fed:ApplicationServiceEndpoint>
<fed:PassiveRequestorEndpoint>
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>https://login.microsoftonline.com/239f867f-feea-452e-a800-6859e696161c/wsfed</wsa:Address>
</wsa:EndpointReference>
</fed:PassiveRequestorEndpoint>
</RoleDescriptor>
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>
MIIDhTCCAm2gAwIBAgIJAJZ1R0cT7w9TMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFTATBgNVBAMMDDE3Mi4xOS4zLjEwNTAeFw0yMTAxMjgxMTUzMzhaFw0yMjAxMjMxMTUzMzhaMFkxCzAJBgNVBA...
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/239f867f-feea-452e-a800-6859e696161c/saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/239f867f-feea-452e-a800-6859e696161c/saml2" />
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/239f867f-feea-452e-a800-6859e696161c/saml2" />
</IDPSSODescriptor>
t/data/idp-metadata-multiple-signing.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2?idpid=C01nccos6" validUntil="2022-04-20T00:56:59.000Z">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAVuOAyTCMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTcwNDIx
MDA1NjU5WhcNMjIwNDIwMDA1NjU5WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsziYPBZSqLzs5pFfoZPTVyoHwM4fmI9qQIScWJB0435ss5HDRDKBTvO8rg2sGbfM
SYVINLvesTeTNkPkMfoSplne6uWjAWkoskvls+0bzp8jAXb+UJ1cZplQxhWW25TsEcpcMX+p4J0v
/syO9lyDubNSpchPGIuzitKXdwFkgcOiCFk+01MF3COKaO6HoLr5Jqf7I6qjJy72h3ZC7rGUtwjC
t/data/idp-metadata-multiple-signing.xml view on Meta::CPAN
cCFcWaVh/mljxD/V20VNMAlzN8VXM/WjbBSAePS30VRF6xXlzwIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQAKxc4M+il/bQQcmm/JNKF5ypeC0YH+oRjSwec84pznP2qqjWosR2uR9hL6CN2dOZU/uCaX
1nZviGIlsw9n7JUEfxMs4azYWfdTz7C7l9x6HpF/QK5NwBe1z3iPZAiKR8hBqt7IeN3nlT4RsaMr
0E9UbG5pimxEG0uves5BoHS+3Xfb8sd33dNRyCm22nb2wWGG+jTKy2G8/24gHB2c0X6/AiD3dZbY
qf7pFRWrXefkMaUMaCMnQh+owjjxVNEAAQ8QU/2Hwhz6pR0eEGL6UwWufJX8uSGaxqn+397MdrI4
CE0gQAZXrB1L3PU9tdyiap2hWQPo8T2STpOtvcovFPHs</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAWj+rlteMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTkwMjE4
MDMzNzQ1WhcNMjQwMjE3MDMzNzQ1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAubE4/cl70Lc2f7VV+ZJyzYIzuAMj6ejlbtRnym2kgyYjaaO0MVU/r38oRC7UqdQI
XwA0/S1Eu0k6EYcCUiyTGWz3HKv/OSOSnSDpN4wEWaZbmJYvu8SjWZQCVdcM4fx1kzrtE+LEBTOK
gj0k2G1qUMNI7xaqiJONO9aIeCic5zbACNpc+IOZoRS4RaY5Ie7W1ZIXAJ0xWL3snVdqklaJzzU2
t/data/idp-metadata-signing-encryption.xml view on Meta::CPAN
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2?idpid=C01nccos6" validUntil="2022-04-20T00:56:59.000Z">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAVuOAyTCMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTcwNDIx
MDA1NjU5WhcNMjIwNDIwMDA1NjU5WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsziYPBZSqLzs5pFfoZPTVyoHwM4fmI9qQIScWJB0435ss5HDRDKBTvO8rg2sGbfM
SYVINLvesTeTNkPkMfoSplne6uWjAWkoskvls+0bzp8jAXb+UJ1cZplQxhWW25TsEcpcMX+p4J0v
/syO9lyDubNSpchPGIuzitKXdwFkgcOiCFk+01MF3COKaO6HoLr5Jqf7I6qjJy72h3ZC7rGUtwjC
t/data/idp-metadata-signing-encryption.xml view on Meta::CPAN
cCFcWaVh/mljxD/V20VNMAlzN8VXM/WjbBSAePS30VRF6xXlzwIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQAKxc4M+il/bQQcmm/JNKF5ypeC0YH+oRjSwec84pznP2qqjWosR2uR9hL6CN2dOZU/uCaX
1nZviGIlsw9n7JUEfxMs4azYWfdTz7C7l9x6HpF/QK5NwBe1z3iPZAiKR8hBqt7IeN3nlT4RsaMr
0E9UbG5pimxEG0uves5BoHS+3Xfb8sd33dNRyCm22nb2wWGG+jTKy2G8/24gHB2c0X6/AiD3dZbY
qf7pFRWrXefkMaUMaCMnQh+owjjxVNEAAQ8QU/2Hwhz6pR0eEGL6UwWufJX8uSGaxqn+397MdrI4
CE0gQAZXrB1L3PU9tdyiap2hWQPo8T2STpOtvcovFPHs</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAWj+rlteMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTkwMjE4
MDMzNzQ1WhcNMjQwMjE3MDMzNzQ1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAubE4/cl70Lc2f7VV+ZJyzYIzuAMj6ejlbtRnym2kgyYjaaO0MVU/r38oRC7UqdQI
XwA0/S1Eu0k6EYcCUiyTGWz3HKv/OSOSnSDpN4wEWaZbmJYvu8SjWZQCVdcM4fx1kzrtE+LEBTOK
gj0k2G1qUMNI7xaqiJONO9aIeCic5zbACNpc+IOZoRS4RaY5Ie7W1ZIXAJ0xWL3snVdqklaJzzU2
t/data/idp-samlid-metadata.xml view on Meta::CPAN
<!-- The entity describing the SAMLtest IdP, named by the entityID below -->
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="SAMLtestIdP" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names...
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
<Extensions>
<!-- An enumeration of the domains this IdP is able to assert scoped attributes, which are
typically those with a @ delimiter, like mail. Most IdP's serve only a single domain. It's crucial
for the SP to check received attribute values match permitted domains to prevent a recognized IdP from
sending attribute values for which a different recognized IdP is authoritative. -->
<shibmd:Scope regexp="false">samltest.id</shibmd:Scope>
t/data/response-no-assertion.xml view on Meta::CPAN
<samlp:Response ID="_ae896f90-5ecb-4d00-8738-91337236a165" Version="2.0"
IssueInstant="2024-04-10T13:17:32.119Z" Destination="[our SAML callback url]"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
InResponseTo="NETSAML2_d54e304a5472d4429f20e3d44a7a224b"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://[IdP testing
domain]/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_ae896f90-5ecb-4d00-8738-91337236a165">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>K4r9/0ZZqW32TG+jT9tGsKwYKwNzssSSKIo8gvWPCfo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>[the signature value]</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>[the certificate]</ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
</samlp:Status>
</samlp:Response>
t/data/saml-adfs-plain.xml view on Meta::CPAN
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_f0b0652f-1382-43af-a70e-97254820f180" Version="2.0" IssueInstant="2018-07-25T08:02:24.342Z" Destination="https://testsuite.zaaksysteem.nl/auth/saml/consumer-post" Consent="urn:oa...
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.dev.mintlab.nl/adfs/services/trust</Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0024c3a6-3b4e-4920-8c59-0602ae4a3c5d" IssueInstant="2018-07-25T08:02:24.341Z" Version="2.0">
<Issuer>http://adfs.dev.mintlab.nl/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_0024c3a6-3b4e-4920-8c59-0602ae4a3c5d">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>/UGIkccgX9xPwusXApqxm7KDyLpgx7W/tp6gANTvNsw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate></ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData InResponseTo="_c217d2c8502884bf418552907827f430d745fa6c" NotOnOrAfter="2018-07-25T08:07:24.342Z" Recipient="https://testsuite.zaaksysteem.nl/auth/saml/consumer-post"/>
</SubjectConfirmation>
</Subject>
t/data/saml-schema-assertion-2.0.xsd view on Meta::CPAN
<?xml version="1.0" encoding="US-ASCII"?>
<schema
targetNamespace="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
elementFormDefault="unqualified"
attributeFormDefault="unqualified"
blockDefault="substitution"
version="2.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
<import namespace="http://www.w3.org/2001/04/xmlenc#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd"/>
<annotation>
<documentation>
Document identifier: saml-schema-assertion-2.0
Location: http://docs.oasis-open.org/security/saml/v2.0/
Revision history:
V1.0 (November, 2002):
Initial Standard Schema.
V1.1 (September, 2003):
( run in 1.683 second using v1.01-cache-2.11-cpan-5a3173703d6 )