Buongiorno,
ho avviato spid-saml-check 1.9.5 con docker e risponde su localhost, porta 8443.
Ho scaricato il metadato del validator e avviato la mia applicazione Spring, che risponde sul mio IP, con metadati dell’SP coerenti.
Inoltro quindi la richiesta all’IdP, eseguo il login sul validator, scarico i metadati dell’SP che vengono correttamente validati con la validazione semplice.
A questo punto visualizzo la richiesta SAML e cerco di validarla, ottenendo il seguente errore:
Error while loading report:
Traceback (most recent call last):
  File "/usr/local/bin/spid_sp_test", line 306, in
    metadata_check = _cls(**data_md)
  File "/usr/local/lib/python3.9/dist-packages/spid_sp_test/metadata.py", line 50, in __init__
    self.metadata = self.get(metadata_url)
  File "/usr/local/lib/python3.9/dist-packages/spid_sp_test/metadata.py", line 64, in get
    return open(metadata_url[7:], "rb").read()
FileNotFoundError: [Errno 2] No such file or directory: '../data//sp-metadata.xml'
Riporto per completezza la busta saml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Review notes. These are XML comments only; the Reference below uses exclusive C14N
     without comments (xml-exc-c14n#), so comments are not part of the digested octets.
     Points a SPID validator is likely to raise on this request:
     1. The AssertionConsumerServiceURL is a cleartext http:// endpoint on a LAN address.
        Acceptable against a local validator, but a production SP must expose the ACS over https.
     2. Both AssertionConsumerServiceIndex and AssertionConsumerServiceURL+ProtocolBinding are set.
        SPID technical rules treat the index and the URL+binding pair as alternatives; confirm
        against the current rules and keep only one form.
-->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceIndex="0" AssertionConsumerServiceURL="http://192.168.1.67:8080/spidLogin" AttributeConsumingServiceIndex="1" Destination="https://localhost:8443/samlsso" ID="_f7ea52f2bc464643a609b642560efb46" IsPassive="false" IssueInstant="2023-08-09T07:42:55.878Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
<!-- Issuer is self-closing: it carries no entityID text, only a NameQualifier attribute.
     SPID requires the Issuer value to be the SP entityID (matching NameQualifier) and
     Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"; the transient format used
     here is the one for NameIDPolicy, not for Issuer. -->
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="http://myspidsp.it"/>
<!-- Enveloped signature over the whole request (Reference URI = the request ID). -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_f7ea52f2bc464643a609b642560efb46">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<!-- Digest is SHA-1 while the signature is rsa-sha256. SPID technical rules only admit
     SHA-256 or stronger digests; expect the validator to reject this and configure the
     signing library to emit xmlenc#sha256. -->
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
LAe9vsReXERJzeEeDswa5L2mjyY=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<!-- Signature value and certificate are redacted in this report. -->
<ds:SignatureValue>
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
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:NameIDPolicy xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
<saml2p:RequestedAuthnContext xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
<!-- The class reference is wrapped in line breaks; a validator doing an exact string
     comparison may not match "https://www.spid.gov.it/SpidL2" unless it trims whitespace.
     Emitting the value inline is the safer form. -->
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
https://www.spid.gov.it/SpidL2
</saml:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
Se invece provo a puntare all’ambiente demo, ovviamente la richiesta non viene accettata.