python-saml: Signature validation failed. Everything seems right, though.

I upgraded to MacOS the other day and revisited an old project. I now get “Signature validation failed.” I tried upgrading to the 2.2.0 release, but get the same thing. Do you all see anything wrong with this?

All values printed from variables defined in validate_node_sign

Cert

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

validatecert

False

signature_node

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id631044246120230029603131"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>...</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>...</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>

Node verification error:

('verifying failed with return value', -1)

Signature validation failed. SAML Response rejected

xmldsig.c:871(xmlSecDSigCtxProcessKeyInfoNode) errno=45
xmldsig.c:565(xmlSecDSigCtxProcessSignatureNode) subject=xmlSecDSigCtxProcessKeyInfoNode
xmldsig.c:366(xmlSecDSigCtxVerify) subject=xmlSecDSigCtxSignatureProcessNode

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 26 (7 by maintainers)

Most upvoted comments

@travelton I did! All I had to do was update libxmlsec1 to version 1.2.4. It automatically started working on Mac 😃