


The URL is created by calling the `sign` method of the Net::SAML2::Binding::Redirect object with the XML form of the AuthnRequest.

```
    my $url = $redirect->sign($authnreq->as_xml);

```
The resulting signed URL is:

```
$VAR1 = 'http://sso.dev.venda.com/opensso/SSORedirect/metaAlias/idp?SAMLRequest=fZFfS4RQEMXf%2BxRy39Xrv9wGFRYsWKglaumhl5j0ioLea8641Lfvagu1EPt6OHPOb2YywqEPR9jO3Oon9TErYudFTdQZnYvQk8LZlbnY3x6etw%2F34dtNXMcSqybB5Po9SYOmwUSGMTbBRkYyRWsnmtVOE6NmmyDDwJWhK9...
```

## Redirect the user's browser to the URL

At this point the web application needs to redirect the user's browser to the URL.  The Identity Provider will receive the XML at the sso_url that was defined in the metadata.

Using a browser add-on like **SAML Message Decoder** you should be able to view the fields in the SAML2 request that the browser sent.

```
    <saml2p:AuthnRequest



    );
    my $xml = $sp->metatdata();
    return $xml;
```

This results in the following XML:

```
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="http://localhost:3000">
  <md:SPSSODescriptor WantAssertionsSigned="0"
                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
                      AuthnRequestsSigned="0"
                      errorURL="http://localhost:3000/saml/error">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>
          MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEO



    my $input = "$request";
    my $output = '';

    rawdeflate \$input => \$output;
    my $req = encode_base64($output, '');

    my $u = URI->new($self->url);
    $u->query_param($self->param, $req);
    $u->query_param('RelayState', $relaystate) if defined $relaystate;
    $u->query_param('SigAlg', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');

    my $key_string = read_file($self->key);
    my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($key_string);

    my $to_sign = $u->query;
    my $sig = encode_base64($rsa_priv->sign($to_sign), '');
    $u->query_param('Signature', $sig);

    my $url = $u->as_string;
    return $url;
}


sub verify {
    my ($self, $url) = @_;
    my $u = URI->new($url);

    # verify the response
    my $sigalg = $u->query_param('SigAlg');
    die "can't verify '$sigalg' signatures"
         unless $sigalg eq 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';

    my $cert = Crypt::OpenSSL::X509->new_from_string($self->cert);
    my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($cert->pubkey);

    my $sig = decode_base64($u->query_param_delete('Signature'));
    my $signed = $u->query;
    die "bad sig" unless $rsa_pub->verify($signed, $sig);

    # unpack the SAML request
    my $deflated = decode_base64($u->query_param($self->param));


        no_xml_declaration => 1,
    });
    my $signed_message = $sig->sign($message);

    # OpenSSO ArtifactResolve hack
    #
    # OpenSSO's ArtifactResolve parser is completely hateful. It demands that
    # the order of child elements in an ArtifactResolve message be:
    #
    # 1: saml:Issuer
    # 2: dsig:Signature
    # 3: samlp:Artifact
    #
    # Really.
    #
    if ($signed_message =~ /ArtifactResolve/) {
        $signed_message =~ s!(<dsig:Signature.*?</dsig:Signature>)!!s;
        my $signature = $1;
        $signed_message =~ s/(<\/saml:Issuer>)/$1$signature/;
    }

    # test verify
    my $ret = $sig->verify($signed_message);
    die "failed to sign" unless $ret;

    my $soap = <<"SOAP";
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">


}


sub new_from_xml {
    my($class, %args) = @_;

    my $dom = no_comments($args{xml});

    my $xpath = XML::LibXML::XPathContext->new($dom);
    $xpath->registerNs('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
    $xpath->registerNs('ds', 'http://www.w3.org/2000/09/xmldsig#');

    my $data;

    for my $sso (
        $xpath->findnodes(
            '//md:EntityDescriptor/md:IDPSSODescriptor/md:SingleSignOnService')
        )
    {
        my $binding = $sso->getAttribute('Binding');
        $data->{SSO}->{$binding} = $sso->getAttribute('Location');



    return $post;
}


sub metadata {
    my ($self) = @_;

    my $x = XML::Generator->new(':pretty', conformance => 'loose');
    my $md = ['md' => 'urn:oasis:names:tc:SAML:2.0:metadata'];
    my $ds = ['ds' => 'http://www.w3.org/2000/09/xmldsig#'];

    $x->EntityDescriptor(
        $md,
        {
            entityID => $self->id },
        $x->SPSSODescriptor(
            $md,
            { AuthnRequestsSigned => defined($self->authnreq_signed) ? $self->authnreq_signed : '1',
              WantAssertionsSigned => defined($self->want_assertions_signed) ? $self->want_assertions_signed : '1',
              errorURL => $self->url . '/saml/error',


# Names that callers may import explicitly to use the functional interface.
@EXPORT_OK = ('sign', 'verify');


use Digest::SHA qw(sha1 sha224 sha256 sha384 sha512);
use XML::LibXML;
use Net::SAML2::XML::Util qw/ no_comments /;
use MIME::Base64;
use Carp;


# Algorithm identifiers that are compared against the Algorithm attribute of
# dsig:Transform and dsig:CanonicalizationMethod elements while processing a
# SignedInfo.
use constant {
    TRANSFORM_ENV_SIG            => 'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
    TRANSFORM_C14N               => 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315',
    TRANSFORM_C14N_COMMENTS      => 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments',
    TRANSFORM_C14N_V1_1          => 'http://www.w3.org/TR/2008/REC-xml-c14n11-20080502',
    TRANSFORM_C14N_V1_1_COMMENTS => 'http://www.w3.org/TR/2008/REC-xml-c14n11-20080502#WithComments',
    TRANSFORM_EXC_C14N           => 'http://www.w3.org/2001/10/xml-exc-c14n#',
    TRANSFORM_EXC_C14N_COMMENTS  => 'http://www.w3.org/2001/10/xml-exc-c14n#WithComments',
};

# No-op destructor: there is no explicit cleanup to perform at object teardown.
sub DESTROY { return; }

# NOTE(review): this statement runs when the module is loaded and replaces
# whatever SIGINT handler the embedding application had installed -- a
# process-wide side effect of merely loading a library.  Kept as-is so that
# existing behaviour is unchanged.
my $interrupt_handler = sub { die "Interrupted\n"; };
$SIG{INT} = $interrupt_handler;


    local $XML::LibXML::skipXMLDeclaration = $self->{ no_xml_declaration };

    my $dom = no_comments($xml);
    #my $dom = XML::LibXML->load_xml(
    #                string => $xml,
    #                no_network => 1,
    #                load_ext_dtd => 0,
    #                expand_entities => 0 );

    $self->{ parser } = XML::LibXML::XPathContext->new($dom);
    $self->{ parser }->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $self->{ parser }->registerNs('ec', 'http://www.w3.org/2001/10/xml-exc-c14n#');
    $self->{ parser }->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');

    print ("Signing XML\n") if $DEBUG;

    my @ids_to_sign = $self->_get_ids_to_sign();

    foreach (@ids_to_sign) {
        my $signid = $_;
        # Temporarily create the Signature XML from the part



        # Create a Signature xml fragment including SignedInfo section
        my $signature_xml = $self->_signature_xml( $signed_info, 'REPLACE SIGNATURE ' . $signid );

        print ("Sign ID: $signid\n") if $DEBUG;

        # Get the XML note to sign base on the ID
        my $xml = $self->_get_xml_to_sign($signid);

        # Set the namespace but do not apply it to the XML
        $xml->setNamespace("http://www.w3.org/2000/09/xmldsig#", "dsig", 0);

        # Canonicalize the XML to http://www.w3.org/2001/10/xml-exc-c14n#
        # TODO Change the Canonicalization method in the xml fragment from _signedinfo_xml
        #    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        #    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        my $xml_canon        = $xml->toStringEC14N();

        if(my $ref = Digest::SHA->can($self->{ digest_hash })) {
            $self->{digest_method} = $ref;
        }
        else {
            die("Can't handle $self->{ digest_hash }");
        }

        # Calculate the digest of the XML being signed


        my $reference = $signid; #$self->{parser}->findvalue('//@ID', $xml);
        print ("   Reference URI: $reference\n") if $DEBUG;

        # Add the Signature to the xml being signed
        $xml->appendWellBalancedChunk($signature_xml, 'UTF-8');

        # Canonicalize the SignedInfo to http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
        # TODO Change the Canonicalization method in the xml fragment from _signedinfo_xml

        my ($signature_node) = $xml->findnodes(
            './dsig:Signature', $xml);
        my ($signed_info_node) = $xml->findnodes(
            './dsig:Signature/dsig:SignedInfo',$xml);

        # Add the digest value to the Signed info
        my ($digest_value_node) = $xml->findnodes(
            './dsig:Signature/dsig:SignedInfo/dsig:Reference/dsig:DigestValue', $signature_node);
        $digest_value_node->removeChildNodes();
        $digest_value_node->appendText($digest);

        # At this point the SignedInfo includes the information
        # to allow us to use the _canonicalize_xml with the $signature_node
        my $signed_info_canon = $self->_canonicalize_xml($signed_info_node, $signature_node);

        # Calculate the signature of the Canonical Form of SignedInfo
        my $signature;
        if ($self->{key_type} eq 'dsa') {


                $self->{sig_method} = $ref;
            }
            else {
                die("Can't handle $self->{ sig_hash }");
            }

            # DSA 1024-bit only permits the signing of 20 bytes or less, hence the sha1
            # DSA 2048-bit only permits the signing sha256
            my $bin_signature = $self->{key_obj}->do_sign( $self->{ sig_method }($signed_info_canon) );

            # https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-SignatureAlg
            # The output of the DSA algorithm consists of a pair of integers
            # The signature value consists of the base64 encoding of the
            # concatenation of r and s in that order ($r . $s)
            my $r = $bin_signature->get_r;
            my $s = $bin_signature->get_s;

            my $sig_size = ($self->{key_obj}->get_sig_size - 8) * 8;
            my $rs = _zero_fill_buffer($sig_size);
            _concat_dsa_sig_r_s(\$rs, $r, $s, $sig_size);


        } else {
            print ("    Signing SignedInfo using RSA key type\n") if $DEBUG;
            my $sig_hash = 'use_' . $self->{ sig_hash } . '_hash';
            $self->{key_obj}->$sig_hash;
            my $bin_signature = $self->{key_obj}->sign( $signed_info_canon );
            $signature        = encode_base64( $bin_signature, "\n" );
        }

        # Add the Signature to the SignatureValue
        my ($signature_value_node) = $xml->findnodes(
            './dsig:Signature/dsig:SignatureValue', $signature_node);
        $signature_value_node->removeChildNodes();
        $signature_value_node->appendText($signature);

        print ("\n\n\n SignatureValue:\n" . $signature_value_node . "\n\n\n") if $DEBUG;
    }

    return $dom->toString;
}



    my ($xml) = @_;

    my $dom = no_comments($xml);
    #my $dom = XML::LibXML->load_xml(
    #                string => $xml,
    #                no_network => 1,
    #                load_ext_dtd => 0,
    #                expand_entities => 0 );

    $self->{ parser } = XML::LibXML::XPathContext->new($dom);
    $self->{ parser }->registerNs('dsig', 'http://www.w3.org/2000/09/xmldsig#');
    $self->{ parser }->registerNs('ec', 'http://www.w3.org/2001/10/xml-exc-c14n#');
    $self->{ parser }->registerNs('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $self->{ parser }->registerNs('ecdsa', 'http://www.w3.org/2001/04/xmldsig-more#');

    my $signature_nodeset = $self->{ parser }->findnodes('//dsig:Signature');

    my $numsigs = $signature_nodeset->size();
    print ("NodeSet Size: $numsigs\n") if $DEBUG;

    # Loop through each Signature in the document checking each
    my $i;
    while (my $signature_node = $signature_nodeset->shift()) {
        $i++;
        print ("\nSignature $i\n") if $DEBUG;

        # Get SignedInfo Reference ID
        my $reference = $self->{ parser }->findvalue(
            'dsig:SignedInfo/dsig:Reference/@URI', $signature_node);
        $reference =~ s/#//g;

        print ("   Reference URI: $reference\n") if $DEBUG;

        # The reference ID must point to something in the document
        # if not disregard it and look for another signature
        # TODO check to ensure that if there is only a single reference
        # like this it won't accidentally validate
        if (! $self->{ parser }->findvalue('//*[@ID=\''. $reference . '\']')) {
            print ("   Signature reference $reference is not signing anything in this xml\n") if $DEBUG;
            if ($numsigs <= 1) {
                return 0;
            }
            else {
                next;
            }
        }

        # Get SignedInfo DigestMethod Algorithim
        my $digest_method = $self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:Reference/dsig:DigestMethod/@Algorithm', $signature_node);
        $digest_method =~ s/^.*[#]//;
        print ("   Digest Method: $digest_method\n") if $DEBUG;

        # Get the DigestValue used to verify Canonical XML
        # Note that the digest may have embedded newlines in the XML
        # Decode the base64 and encode it with no newlines
        my $refdigest = encode_base64(decode_base64(_trim($self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:Reference/dsig:DigestValue', $signature_node))), "");
        print ("   Digest Value: $refdigest\n") if $DEBUG;

        # Get the SignatureValue used to verify the SignedInfo
        my $signature = _trim($self->{ parser }->findvalue('dsig:SignatureValue', $signature_node));
        print ("   Signature: $signature\n") if $DEBUG;

        # Get SignatureMethod Algorithim
        my $signature_method = $self->{ parser }->findvalue(
                'dsig:SignedInfo/dsig:SignatureMethod/@Algorithm', $signature_node);
        $signature_method =~ s/^.*[#]//;
        $signature_method =~ s/^rsa-//;
        $signature_method =~ s/^dsa-//;
        $signature_method =~ s/^ecdsa-//;

        $self->{ sig_hash } = $signature_method;
        print ("   SignatureMethod: $signature_method\n") if $DEBUG;

        # Get the SignedInfo and obtain its Canonical form
        my ($signed_info) = $self->{ parser }->findnodes('dsig:SignedInfo', $signature_node);
        my $signed_info_canon = $self->_canonicalize_xml($signed_info, $signature_node);

        print "$signed_info_canon\n" if $DEBUG;

        if(my $ref = Digest::SHA->can($signature_method)) {
            $self->{sig_method} = $ref;
        }
        else {
            die("Can't handle $signature_method");
        }


            my %verify_dispatch = (
                'X509Data' => '_verify_x509',
                'RSAKeyValue' => '_verify_rsa',
                'DSAKeyValue' => '_verify_dsa',
                'ECDSAKeyValue' => '_verify_ecdsa',
            );
            my $keyinfo_nodeset;
            foreach my $key_info_sig_type ( qw/X509Data RSAKeyValue DSAKeyValue ECDSAKeyValue/ ) {
                if ( $key_info_sig_type eq 'X509Data' ) {
                    $keyinfo_nodeset = $self->{ parser }->find(
                            "dsig:KeyInfo/dsig:$key_info_sig_type", $signature_node);
                    #print ("   keyinfo_nodeset X509Data: $keyinfo_nodeset\n") if $DEBUG;
                } else {
                    $keyinfo_nodeset = $self->{ parser }->find(
                            "dsig:KeyInfo/dsig:KeyValue/dsig:$key_info_sig_type", $signature_node);
                    #print ("   keyinfo_nodeset [DR]SAKeyValue: $keyinfo_nodeset\n") if $DEBUG;
                }
                if ( $keyinfo_nodeset->size ) {
                    my $verify_method = $verify_dispatch{$key_info_sig_type};
                    print ("   Verify Method: $verify_method\n") if $DEBUG;
                    if ( ! $self->$verify_method($keyinfo_nodeset->get_node(0),
                            $signed_info_canon, $signature) ) {
                        print ("keyinfo_nodeset->get_node: " . $keyinfo_nodeset->get_node(0) . "\n") if $DEBUG;
                        print STDERR "Failed to verify using $verify_method\n";
                        return 0;


##
## Returns: XML NodeSet for the node whose ID equals the Reference URI
##
## Find the XML node with the ID = $URI and return the
## XML NodeSet
##
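sub _get_signed_xml {
    my $self = shift;
    my ($context) = @_;

    # $context is the dsig:Signature node; the Reference URI names the
    # element (by its ID attribute) whose digest the signature covers.
    my $id = $self->{parser}->findvalue('./dsig:SignedInfo/dsig:Reference/@URI', $context);
    $id =~ s/^#//;
    print ("    Signed XML id: $id\n") if $DEBUG;

    # The URI is taken from the not-yet-verified document and is interpolated
    # into an XPath string literal, which has no escape mechanism: a single
    # quote would terminate the literal and alter the query.  XML IDs are
    # NCNames and can never legitimately contain one, so refuse such values.
    confess "invalid Reference URI '$id': quote characters are not permitted"
        if $id =~ /'/;

    # Remembered for the caller; the node is then located by its ID.
    $self->{'sign_id'} = $id;
    my $xpath = "//*[\@ID='$id']";
    return $self->_get_node( $xpath, $context );
}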

##
## _transform($xml, $context)


##
## Returns: string  Transformed XML
##
## Canonicalizes/Transforms xml based on the Transforms
## from the SignedInfo.
##
sub _transform {
    my $self = shift;
    my ($xml, $context) = @_;

    $context->setNamespace( 'http://www.w3.org/2000/09/xmldsig#', 'dsig' );
    my $transforms = $self->{parser}->find(
        'dsig:SignedInfo/dsig:Reference/dsig:Transforms/dsig:Transform',
        $context
    );

    print "_transform\n" if $DEBUG;
    foreach my $node ($transforms->get_nodelist) {
        my $alg = $node->getAttribute('Algorithm');

        print "    Algorithm: $alg\n" if $DEBUG;
        if ($alg eq TRANSFORM_ENV_SIG) {
            # TODO the xml being passed here currently has the


##
## Returns: integer (1 True, 0 False) if signature is valid
##
## Verify the RSA signature of Canonical XML
##
sub _verify_rsa {
    my $self = shift;
    my ($context,$canonical,$sig) = @_;

    # Generate Public Key from XML
    my $mod = _trim($self->{parser}->findvalue('dsig:Modulus', $context));
    my $modBin = decode_base64( $mod );
    my $exp = _trim($self->{parser}->findvalue('dsig:Exponent', $context));
    my $expBin = decode_base64( $exp );
    my $n = Crypt::OpenSSL::Bignum->new_from_bin($modBin);
    my $e = Crypt::OpenSSL::Bignum->new_from_bin($expBin);
    my $rsa_pub = Crypt::OpenSSL::RSA->new_key_from_parameters( $n, $e );

    # Decode signature and verify
    my $sig_hash = 'use_' . $self->{ sig_hash } . '_hash';
    $rsa_pub->$sig_hash;
    my $bin_signature = decode_base64($sig);
    return 1 if ($rsa_pub->verify( $canonical,  $bin_signature ));


sub _verify_x509 {
    my ($self, $context, $canonical, $sig) = @_;

    # Crypt::OpenSSL::X509 is loaded lazily so the module stays usable
    # without it when no X509Data KeyInfo is ever encountered.
    my $loaded = eval { require Crypt::OpenSSL::X509; 1 };
    confess "Crypt::OpenSSL::X509 needs to be installed so that we can handle X509 certificates"
        unless $loaded;

    # The certificate comes from the document's own KeyInfo, i.e. from the
    # data being verified.  NOTE(review): it is therefore only as trustworthy
    # as the check _verify_x509_cert applies against a configured certificate
    # -- confirm that check exists before relying on this path.
    my $cert_body = _trim($self->{parser}->findvalue('dsig:X509Certificate', $context));

    # The X509 parser needs the PEM framing, which _clean_x509 restores.
    $cert_body = $self->_clean_x509($cert_body);
    my $cert = Crypt::OpenSSL::X509->new_from_string($cert_body);

    return $self->_verify_x509_cert($cert, $canonical, $sig);
}

##


    my $self = shift;
    my ($context,$canonical,$sig) = @_;

    eval {
        require Crypt::OpenSSL::DSA;
    };
    confess "Crypt::OpenSSL::DSA needs to be installed so
                    that we can handle DSA signatures" if $@;

    # Generate Public Key from XML
    my $p = decode_base64(_trim($self->{parser}->findvalue('dsig:P', $context)));
    my $q = decode_base64(_trim($self->{parser}->findvalue('dsig:Q', $context)));
    my $g = decode_base64(_trim($self->{parser}->findvalue('dsig:G', $context)));
    my $y = decode_base64(_trim($self->{parser}->findvalue('dsig:Y', $context)));
    my $dsa_pub = Crypt::OpenSSL::DSA->new();
    $dsa_pub->set_p($p);
    $dsa_pub->set_q($q);
    $dsa_pub->set_g($g);
    $dsa_pub->set_pub_key($y);

    # Decode signature and verify
    my $bin_signature = decode_base64($sig);

    # https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-SignatureAlg
    # The output of the DSA algorithm consists of a pair of integers
    # The signature value consists of the base64 encoding of the
    # concatenation of r and s in that order ($r . $s)
    # Binary Signature is stored as a concatenation of r and s
    my $sig_size = ($dsa_pub->get_sig_size - 8)/2;
    my $unpk = "a" . $sig_size . "a" . $sig_size;
    my ($r, $s) = unpack($unpk, $bin_signature);

    # Create a new Signature Object from r and s
    my $sigobj = Crypt::OpenSSL::DSA::Signature->new();


## Verify the ECDSA signature of Canonical XML
##
sub _verify_ecdsa {
    my $self = shift;
    my ($context,$canonical,$sig) = @_;

    eval {require Crypt::PK::ECC; CryptX->VERSION('0.036'); 1}
    or confess "Crypt::PK::ECC 0.036+ needs to be installed so
             that we can handle ECDSA signatures";
    # Generate Public Key from XML
    my $oid = _trim($self->{parser}->findvalue('//dsig:NamedCurve/@URN', $context));

    use URI ();
    my $u1 = URI->new($oid);
    $oid = $u1->nss;

    my %curve_name = (
        '1.2.840.10045.3.1.1'   => 'secp192r1',
        '1.3.132.0.33'          => 'secp224r1',
        '1.2.840.10045.3.1.7'   => 'secp256r1',
        '1.3.132.0.34'          => 'secp384r1',
        '1.3.132.0.35'          => 'secp521r1',
        '1.3.36.3.3.2.8.1.1.1'  => 'brainpoolP160r1',
        '1.3.36.3.3.2.8.1.1.3'  => 'brainpoolP192r1',
        '1.3.36.3.3.2.8.1.1.5'  => 'brainpoolP224r1',
        '1.3.36.3.3.2.8.1.1.7'  => 'brainpoolP256r1',
        '1.3.36.3.3.2.8.1.1.9'  => 'brainpoolP320r1',
        '1.3.36.3.3.2.8.1.1.11' => 'brainpoolP384r1',
        '1.3.36.3.3.2.8.1.1.13' => 'brainpoolP512r1',
    );

    my $x = $self->{parser}->findvalue('//dsig:PublicKey/dsig:X/@Value', $context);
    my $y = $self->{parser}->findvalue('//dsig:PublicKey/dsig:Y/@Value', $context);

    my $ecdsa_pub = Crypt::PK::ECC->new();

    $ecdsa_pub->import_key({
        kty => "EC",
        curve_name => $curve_name{ $oid },
        pub_x   => $x,
        pub_y   => $y,
    });


    } else {
        return '';
    }
}

# TODO remove unused?
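sub _transform_env_sig {
    my $self = shift;
    my ($str) = @_;

    # Optional namespace prefix (e.g. "dsig") carried by the Signature element;
    # quoted so it is matched literally inside the pattern below.
    my $prefix = '';
    if (defined $self->{dsig_prefix} && length $self->{dsig_prefix}) {
        $prefix = quotemeta($self->{dsig_prefix}) . ':';
    }

    # Remove the first Signature element, start tag through end tag.  The
    # start-tag pattern admits only whitespace-separated attributes after the
    # element name, so <SignatureValue> / <SignatureMethod> cannot be mistaken
    # for the Signature element itself.  This is still a textual edit: it
    # drops the first Signature in document order, which may be a nested one
    # rather than the outermost.
    # TODO: Remove the outermost Signature only.
    $str =~ s/<${prefix}Signature(?:\s[^>]*)?>.*?<\/${prefix}Signature>//is;

    return $str;
}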



    if ( $ecdsa_key ) {
        $self->{ key_obj } = $ecdsa_key;

        my $key_hash    = $ecdsa_key->key2hash;

        my $oid         = $key_hash->{ curve_oid };
        my $x           = $key_hash->{ pub_x };
        my $y           = $key_hash->{ pub_y };

        $self->{KeyInfo} = "<dsig:KeyInfo>
                             <dsig:KeyValue>
                                <dsig:ECDSAKeyValue>
                                    <dsig:DomainParameters>
                                        <dsig:NamedCurve URN=\"urn:oid:$oid\" />
                                    </dsig:DomainParameters>
                                    <dsig:PublicKey>
                                        <dsig:X Value=\"$x\" />
                                        <dsig:Y Value=\"$y\" />
                                    </dsig:PublicKey>
                                </dsig:ECDSAKeyValue>
                             </dsig:KeyValue>
                            </dsig:KeyInfo>";
        $self->{key_type} = 'ecdsa';
    }
    else {
        confess "did not get a new Crypt::PK::ECC object";
    }
}

##
## _load_dsa_key($key_text)
##



    my $dsa_key = Crypt::OpenSSL::DSA->read_priv_key_str( $key_text );

    if ( $dsa_key ) {
        $self->{ key_obj } = $dsa_key;
        my $g = encode_base64( $dsa_key->get_g(), '' );
        my $p = encode_base64( $dsa_key->get_p(), '' );
        my $q = encode_base64( $dsa_key->get_q(), '' );
        my $y = encode_base64( $dsa_key->get_pub_key(), '' );

        $self->{KeyInfo} = "<dsig:KeyInfo>
                             <dsig:KeyValue>
                              <dsig:DSAKeyValue>
                               <dsig:P>$p</dsig:P>
                               <dsig:Q>$q</dsig:Q>
                               <dsig:G>$g</dsig:G>
                               <dsig:Y>$y</dsig:Y>
                              </dsig:DSAKeyValue>
                             </dsig:KeyValue>
                            </dsig:KeyInfo>";
        $self->{key_type} = 'dsa';
    }
    else {
        confess "did not get a new Crypt::OpenSSL::RSA object";
    }
}

##
## _load_rsa_key($key_text)
##


        $self->{ key_type } = 'rsa';

        if (!$self->{ x509 }) {
            my $bigNum = ( $rsaKey->get_key_parameters() )[1];
            my $bin = $bigNum->to_bin();
            my $exp = encode_base64( $bin, '' );

            $bigNum = ( $rsaKey->get_key_parameters() )[0];
            $bin = $bigNum->to_bin();
            my $mod = encode_base64( $bin, '' );
            $self->{KeyInfo} = "<dsig:KeyInfo>
                                 <dsig:KeyValue>
                                  <dsig:RSAKeyValue>
                                   <dsig:Modulus>$mod</dsig:Modulus>
                                   <dsig:Exponent>$exp</dsig:Exponent>
                                  </dsig:RSAKeyValue>
                                 </dsig:KeyValue>
                                </dsig:KeyInfo>";
        }
    }
    else {
        confess "did not get a new Crypt::OpenSSL::RSA object";
    }
}

##
## _load_x509_key($key_text)
##


        my $text = '';
        local $/ = undef;
        $text = <$CERT>;
        close $CERT;

        my $cert = Crypt::OpenSSL::X509->new_from_string($text);
        if ( $cert ) {
            $self->{ cert_obj } = $cert;
            my $cert_text = $cert->as_string;
            $cert_text =~ s/-----[^-]*-----//gm;
            $self->{KeyInfo} = "<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>\n"._trim($cert_text)."\n</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>";
        }
        else {
            confess "Could not load certificate from $file";
        }
    }
    else {
        confess "Could not find certificate file $file";
    }

    return;


    };

    confess "Crypt::OpenSSL::X509 needs to be installed so that we can handle X509 certs." if $@;

    my $text = $self->{ cert_text };
    my $cert = Crypt::OpenSSL::X509->new_from_string($text);
    if ( $cert ) {
        $self->{ cert_obj } = $cert;
        my $cert_text = $cert->as_string;
        $cert_text =~ s/-----[^-]*-----//gm;
        $self->{KeyInfo} = "<dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>\n"._trim($cert_text)."\n</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>";
    }
    else {
            confess "Could not load certificate from given text.";
    }

    return;
}

##
## _load_key($file)


##   $signed_info:      string XML String Fragment
##   $signature_value   String Base64 Signature Value
##
## Returns: string      XML fragment
##
## Create a XML string of the Signature
##
sub _signature_xml {
    my ($self, $signed_info, $signature_value) = @_;

    # Assemble the dsig:Signature wrapper around the SignedInfo fragment, the
    # base64 SignatureValue and the KeyInfo prepared when the key was loaded.
    my @lines = (
        '<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">',
        "            $signed_info",
        "            <dsig:SignatureValue>$signature_value</dsig:SignatureValue>",
        "            $self->{KeyInfo}",
        '        </dsig:Signature>',
    );
    return join("\n", @lines);
}

##
## _signedinfo_xml($digest_xml)
##
## Arguments:
##   $digest_xml        string XML String Fragment
##
## Returns: string      XML fragment
##
## Create a XML string of the SignedInfo
##
sub _signedinfo_xml {
    my ($self, $digest_xml) = @_;

    my $key_type = $self->{key_type};
    my $sig_hash = $self->{ sig_hash };

    # Namespace that defines the "<key_type>-<sig_hash>" identifier: every
    # ECDSA identifier lives in xmldsig-more, the original sha1 RSA/DSA ones
    # in xmldsig, dsa-sha256 in xmldsig11 and anything else in xmldsig-more.
    my $namespace;
    if ($key_type eq 'ecdsa') {
        $namespace = 'http://www.w3.org/2001/04/xmldsig-more#';
    }
    elsif ($sig_hash eq 'sha1') {
        $namespace = 'http://www.w3.org/2000/09/xmldsig#';
    }
    elsif ($key_type eq 'dsa' && $sig_hash eq 'sha256') {
        $namespace = 'http://www.w3.org/2009/xmldsig11#';
    }
    else {
        $namespace = 'http://www.w3.org/2001/04/xmldsig-more#';
    }
    my $algorithm = "$namespace$key_type-$sig_hash";

    # The CanonicalizationMethod emitted here is inclusive C14N with comments,
    # whereas the Reference transforms use exclusive C14N; the signing code
    # carries TODOs about aligning the two.
    my @fragment = (
        '<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">',
        '                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />',
        "                <dsig:SignatureMethod Algorithm=\"$algorithm\" />",
        "                $digest_xml",
        '            </dsig:SignedInfo>',
    );
    return join("\n", @fragment);
}

##
## _reference_xml($id, $digest)
##
## Arguments:
##   $id        string XML ID related to the URI
##   $digest    string Base64 encoded digest
##
## Returns: string      XML fragment
##
## Create a XML string of the Reference
##
sub _reference_xml {
    my ($self, $id, $digest) = @_;

    # Namespace that defines the DigestMethod identifier: sha1 is in xmldsig,
    # sha224 and sha384 in xmldsig-more, any other value (e.g. sha256, sha512)
    # in xmlenc.
    my $hash = $self->{ digest_hash };
    my %namespace_for = (
        sha1   => 'http://www.w3.org/2000/09/xmldsig#',
        sha224 => 'http://www.w3.org/2001/04/xmldsig-more#',
        sha384 => 'http://www.w3.org/2001/04/xmldsig-more#',
    );
    my $namespace = exists $namespace_for{$hash}
        ? $namespace_for{$hash}
        : 'http://www.w3.org/2001/04/xmlenc#';
    my $algorithm = $namespace . $hash;

    # Reference to the element with ID $id: enveloped-signature then
    # exclusive C14N transforms, followed by the digest of the result.
    my @fragment = (
        "<dsig:Reference URI=\"#$id\">",
        '                        <dsig:Transforms>',
        '                            <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />',
        '                            <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>',
        '                        </dsig:Transforms>',
        "                        <dsig:DigestMethod Algorithm=\"$algorithm\" />",
        "                        <dsig:DigestValue>$digest</dsig:DigestValue>",
        '                    </dsig:Reference>',
    );
    return join("\n", @fragment);
}


##
## _canonicalize_xml($xml, $context)
##
## Arguments:
##    $xml:     string XML NodeSet
##    $context: string XML Context
##


##
## Canonicalizes xml based on the CanonicalizationMethod
## from the SignedInfo.
##
sub _canonicalize_xml {
    my $self = shift;
    my ($xml, $context) = @_;

    print ("_canonicalize_xml:\n") if $DEBUG;
    my $canon_method = $self->{ parser }->findnodes(
                'dsig:SignedInfo/dsig:CanonicalizationMethod', $context
    );

    foreach my $node ($canon_method->get_nodelist) {
        my $alg = $node->getAttribute('Algorithm');

        print ("    Canon Method: $alg\n") if $DEBUG;
        if ($alg eq TRANSFORM_C14N) {
           print ("        toStringC14N\n") if $DEBUG;
           $xml = $xml->toStringC14N();
        }


  <?xml version="1.0"?>
  <foo ID="abc">
    <bar>123</bar>
  </foo>

Now, let's insert a signature:

  <?xml version="1.0"?>
  <foo ID="abc">
    <bar>123</bar>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#abc">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>9kpmrvv3peVJpNSTRycrV+jeHVY=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>
        HXUBnMgPJf//j4ihaWnaylNwAR5AzDFY83HljFIlLmTqX1w1C72ZTuRObvYve8TNEbVsQlTQkj4R
        hiY0pgIMQUb75GLYFtc+f0YmBZf5rCWY3NWzo432D3ogAvpEzYXEQPmicWe2QozQhybaz9/wrYki
        XiXY+57fqCkf7aT8Bb6G+fn7Aj8gnZFLkmKxwCdyGsIZOIZdQ8MWpeQrifxBR0d8W1Zm6ix21WNv
        ONt575h7VxLKw8BDhNPS0p8CS3hOnSk29stpiDMCHFPxAwrbKVL1kGDLaLZn1q8nNRmH8oFxG15l
        UmS3JXDZAss8gZhU7g9T4XllCqjrAvzPLOFdeQ==
      </SignatureValue>


            </Modulus>
            <Exponent>Iw==</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
    </Signature>
  </foo>

=head1 SEE ALSO

L<http://www.w3.org/TR/xmldsig-core/>

=head1 VERSION CONTROL

L<https://github.com/perl-net-saml2/perl-XML-Sig>

=head1 AUTHORS and CREDITS

Author: Byrne Reese <byrne@majordojo.com>

Thanks to Manni Heumann who wrote Google::SAML::Response from


use Test::Lib;
use Test::Net::SAML2;
use Net::SAML2::IdP;

my $xml = <<XML;
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>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t/03-assertions.t  view on Meta::CPAN


my $xml = <<XML;
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s29e656961dc650775c103fddadba836256cc3eb7d" InResponseTo="N3k95Hg41WCHdwc9mqXynLPhB" Version="2.0" IssueInstant="2010-10-12T14:49:27Z" Destination="http://ct.local/saml/consumer-p...
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://sso.dev.venda.com/opensso</saml:Issuer>
  <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s241001b6007d1700109a3e3bc4350ae5528ba9824" IssueInstant="2010-10-12T14:49:27Z" Version="2.0">
    <saml:Issuer>http://sso.dev.venda.com/opensso</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#s241001b6007d1700109a3e3bc4350ae5528ba9824">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>1CCTfUP/Sbihuz4HCySlSizG9+o=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>lHH8QBcAievrgDYmYXXk+QnWC/ybLYcbIZPEs06rEi7wE9Iwb96UxPM8zY24SSJ9CPZdZqyNsyIu9Ww+4dq7RcUbE9dBCKwAZjz/ze6jPTlEZPdG1H+g+c8HnC9mNTI1g4WDS8zBmSbBbYBEPiuVxHn245JaUrTRjoLE0Xr4EoY=</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIIDDDCCAfSgAwIBAgIBBDANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEOMAwGA1UECgwFbG9jYWwxCzAJBgNVBAsMAmN0MQswCQYDVQQDDAJDQTAeFw0xMDEwMDYxNDE5MDJaFw0xMTEwMDYxNDE5MDJaMGMxCzAJBgNVBAYTAkdCMQ8wDQYDVQQIEwZMb25kb24xDzANBgNVBAcTBkxv...
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>

t/04-response.t  view on Meta::CPAN


use Net::SAML2::Protocol::Assertion;
use MIME::Base64;

my $xml = <<XML;
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="s2aa6f0dee017e82ced11a3c7c0be88ee42d3a9cb5" InResponseTo="N3k95Hg41WCHdwc9mqXynLPhB" Version="2.0" IssueInstant="2010-11-12T12:26:44Z" Destination="http://ct.local/saml/consumer-p...
<samlp:StatusCode  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2d1d09d5f190890fea3ecf12dc88cef287c77c3b5" IssueInstant="2010-11-12T12:26:44Z" Version="2.0">
<saml:Issuer>http://openam.nodnol.org:8080/opensso</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#s2d1d09d5f190890fea3ecf12dc88cef287c77c3b5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>BBMCOv+ILM/szUqBKyWBY3meyXA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
sM2FSfk1L66V6s4OyaK0tGSgBMDl6rFPi14bR2FgR++64DiCgXzJeIhDO4CeACl8yGQLBiNHZBo2
hT635YGP0+8LSqWbrXJICpsEJVdfnpXJAP9dOc/u9yiH/3qQVtinz00ZrnV1DgqrQYp7TWVbXerd
VPt5U1IOHMBHYqgsYbc=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>

t/idp-metadata.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEO
MAwGA1UECgwFbG9jYWwxCzAJBgNVBAsMAmN0MQswCQYDVQQDDAJDQTAeFw0xMDEw
MDYxMjM4MTRaFw0xMTEwMDYxMjM4MTRaMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQK
DAVsb2NhbDELMAkGA1UECwwCY3QxDTALBgNVBAMMBHNhbWwxHDAaBgkqhkiG9w0B
CQEWDXNhbWxAY3QubG9jYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMhu
pJZpvu1m6ys+IrWrm3pK+onwRAYCyrgQ0RyK2cHbVLFbjBqTjKnt+PiVbnZPZUTs
tkV9oijZGQvaMy9ingJursICUQzmOfYRDm4s9gFJJOHUGYnItRhp4uj3EoWWyX8I
6Mr+g3/vNgNFvD5S9L7Hk1mSw8SnPlblZAWlFUwXAgMBAAGjgY8wgYwwDAYDVR0T

t/idp-metadata2.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJVUzEOMAwGA1UECgwFbG9jYWwxCzAJBgNVBAsMAmN0MQswCQYDVQQDDAJDQTAeFw0xMDEwMDYxMjM4MTRaFw0xMTEwMDYxMjM4MTRaMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQKDAVsb2NhbDELMAkGA1...
                </ds:X509Data>
            </ds:KeyInfo>
        </KeyDescriptor>
        <ArtifactResolutionService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://sso.dev.venda.com/opensso/ArtifactResolver/metaAlias/idp"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://sso.dev.venda.com/opensso/IDPSloSoap/metaAlias/idp"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sso.dev.venda.com/opensso/IDPSloRedirect/metaAlias/idp" ResponseLocation="http://sso.dev.venda.com/opensso/IDPSloRedirect/metaAlias/idp"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sso.dev.venda.com/opensso/IDPSloPOST/metaAlias/idp" ResponseLocation="http://sso.dev.venda.com/opensso/IDPSloPOST/metaAlias/idp"/>
        <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sso.dev.venda.com/opensso/IDPMniRedirect/metaAlias/idp" ResponseLocation="http://sso.dev.venda.com/opensso/IDPMniRedirect/metaAlias/idp"/>

t/net-saml2-idp-metadata.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs

t/net-saml2-metadata.xml  view on Meta::CPAN

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://sso.dev.venda.com/opensso" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
    <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>
MIIF7zCCA9egAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAkNB
MRYwFAYDVQQIDA1OZXcgQnJ1bnN3aWNrMRMwEQYDVQQKDApOZXQ6OlNBTUwyMSMw
IQYDVQQDDBpOZXQ6OlNBTUwyIEludGVybWVkaWF0ZSBDQTEgMB4GCSqGSIb3DQEJ
ARYRdGltbGVnZ2VAY3Bhbi5vcmcwHhcNMjAxMjI3MDI0ODQ4WhcNMjIwMTA2MDI0
ODQ4WjCBlzELMAkGA1UEBhMCQ0ExFjAUBgNVBAgMDU5ldyBCcnVuc3dpY2sxEDAO
BgNVBAcMB01vbmN0b24xEzARBgNVBAoMCk5ldDo6U0FNTDIxJzAlBgNVBAMMHk5l
dDo6U0FNTDIgU2lnbmluZyBDZXJ0aWZpY2F0ZTEgMB4GCSqGSIb3DQEJARYRdGlt
bGVnZ2VAY3Bhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs


