I'm trying to receive IDP signed requests, but I'm not sure what I need to configure in order to verify the signature.
I have set up the CONFIG as follows:
    'want_response_signed': True,
    'authn_assertions_signed': True,
I am also sending these parameters to parse_authn_request_response:
    parse_authn_request_response(
        xmlstr=request.form['SAMLResponse'],
        binding=entity.BINDING_HTTP_POST,
        outstanding_certs={
            'http://somedomain.com': [
                {
                    'key': '.../app-private.key',
                    'cert': '.../app-public.cert'
                }
            ]
        }
    )
But I get this traceback in error.log:
Traceback (most recent call last):
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app
[Wed Dec 02 20:05:34 2015] [error] response = self.full_dispatch_request()
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request
[Wed Dec 02 20:05:34 2015] [error] rv = self.handle_user_exception(e)
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask_cors/extension.py", line 188, in wrapped_function
[Wed Dec 02 20:05:34 2015] [error] return cors_after_request(app.make_response(f(*args, **kwargs)))
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception
[Wed Dec 02 20:05:34 2015] [error] reraise(exc_type, exc_value, tb)
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request
[Wed Dec 02 20:05:34 2015] [error] rv = self.dispatch_request()
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request
[Wed Dec 02 20:05:34 2015] [error] return self.view_functions[rule.endpoint](**req.view_args)
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/flask_cors/decorator.py", line 127, in wrapped_function
[Wed Dec 02 20:05:34 2015] [error] resp = make_response(f(*args, **kwargs))
[Wed Dec 02 20:05:34 2015] [error] File "/var/www/mysp/app.py", line 199, in idp_initiated
[Wed Dec 02 20:05:34 2015] [error] 'cert': '/var/www/mysp/app-public.cert'
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/saml2/client_base.py", line 581, in parse_authn_request_response
[Wed Dec 02 20:05:34 2015] [error] binding, **kwargs)
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/saml2/entity.py", line 1140, in _parse_response
[Wed Dec 02 20:05:34 2015] [error] response = response.verify(keys)
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 993, in verify
[Wed Dec 02 20:05:34 2015] [error] if self.parse_assertion(keys):
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 908, in parse_assertion
[Wed Dec 02 20:05:34 2015] [error] if not self._assertion(assertion, False):
[Wed Dec 02 20:05:34 2015] [error] File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 770, in _assertion
[Wed Dec 02 20:05:34 2015] [error] raise SignatureError("Signature missing for assertion")
[Wed Dec 02 20:05:34 2015] [error] SignatureError: Signature missing for assertion
What am I missing?
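The traceback above ends in `Signature missing for assertion`. As an added example (not part of the original post and not pysaml2 code), this stdlib-only diagnostic reports whether a POST-binding `SAMLResponse` carries its `ds:Signature` on the `Response` element, on each `Assertion`, or on both, which is the distinction that error turns on. The function names, the `require_*` parameters and the sample message are constructed for illustration; the check locates signatures and does not verify them.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signature placeholder on the Response only, Assertion unsigned.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<ds:Signature><ds:SignedInfo/></ds:Signature>'
    '<saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.test</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def signature_placement(saml_response_b64):
    """Report where ds:Signature elements sit; diagnostic only, no verification."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml:  # refuse DTDs before handing bytes to the stdlib parser
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    assertions = root.findall("saml:Assertion", NS)  # direct children only
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions_signed": [a.find("ds:Signature", NS) is not None for a in assertions],
        # An encrypted assertion hides any inner signature until it is decrypted.
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def unmet_requirements(placement, require_response_sig, require_assertion_sig):
    """List the SP-side signing requirements this message cannot satisfy."""
    problems = []
    if require_response_sig and not placement["response_signed"]:
        problems.append("Response element carries no ds:Signature")
    if require_assertion_sig:
        for i, signed in enumerate(placement["assertions_signed"]):
            if not signed:
                problems.append("Assertion #%d carries no ds:Signature" % i)
    return problems
```

Running `signature_placement` on the Base64 value captured from `request.form['SAMLResponse']` shows which element the IdP actually signs, so the SP's signing requirements can be compared against what the IdP sends.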