This repository has been archived by the owner on Jun 6, 2023. It is now read-only.

Unable to generate correct SAML Response #37

Open
rahul-satal opened this issue Mar 25, 2020 · 0 comments

Comments


rahul-satal commented Mar 25, 2020

In our project, we have to enable SSO in which the service provider will be Salesforce and the Identity Provider will be the Golang code. The Golang code will first verify the user, then it will generate a SAML response to allow the user to log in to Salesforce.
I am new to Golang and am following "Creating a SAML Response (if acting as an IdP)" in this library's README. So far I am able to create a SAML response using it, but I am facing some challenges in customizing it as per our requirements.

1. The first challenge I am facing is adding AudienceRestriction in the Conditions block, as below:

```xml
<saml:Conditions NotBefore="2020-03-15T16:33:16.23103491Z" NotOnOrAfter="2020-03-15T16:43:16.23104017Z">
  <saml:AudienceRestriction>
    <saml:Audience>https://saml.salesforce.com</saml:Audience>
  </saml:AudienceRestriction>
</saml:Conditions>
```

I have tried to add it like below in the code, but it seems Conditions is not defined on the authnResponse object.

```go
authnResponse := saml.NewSignedResponse()
// does not compile: Conditions is not a field of the response object
authnResponse.Conditions.AudienceRestrictions = "https://saml.salesforce.com"
```

I can't find any way to add the above block inside the Conditions block, which is mandatory for Salesforce. Please suggest some way to do so.

2. Even after manually adding the above block to the SAML response, I am getting the below error while validating the SAML response with the Salesforce SAML validator:

```text
Validating the Signature...
Is the response signed? true
Is the assertion signed? false
The reference in the response signature is valid
Is the correct certificate supplied in the keyinfo? true
Signature or certificate problems
The signature in the response is not valid
```

I have no idea why I am getting the "signature invalid" error. Please let me know if you have any suggestions for me.

3. I also have to add an AuthnStatement below the Conditions block, as below:

```xml
<saml:AuthnStatement AuthnInstant="2020-03-01T11:28:31.396Z">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
  </saml:AuthnContext>
</saml:AuthnStatement>
```

In case you want to check my Golang code - https://play.golang.org/p/U9dXZblTHG1
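The two blocks asked for above, built with Go's standard encoding/xml as an added example that is not part of the issue or of the go-saml library (the struct types and `BuildAssertionBlocks` are this example's own, not the library's API). It also makes the point behind the validator output: both blocks have to be in the assertion before the response is signed, because an XML signature digests the signed element's content, so inserting elements into an already-signed response invalidates that signature.

```go
package main

import (
	"encoding/xml"
	"time"
)

// encoding/xml types written for this example (not the go-saml library's own types).
type AudienceRestriction struct {
	Audience string `xml:"saml:Audience"`
}
type Conditions struct {
	XMLName             xml.Name            `xml:"saml:Conditions"`
	NotBefore           string              `xml:"NotBefore,attr"`
	NotOnOrAfter        string              `xml:"NotOnOrAfter,attr"`
	AudienceRestriction AudienceRestriction `xml:"saml:AudienceRestriction"`
}
type AuthnContext struct {
	ClassRef string `xml:"saml:AuthnContextClassRef"`
}
type AuthnStatement struct {
	XMLName      xml.Name     `xml:"saml:AuthnStatement"`
	AuthnInstant string       `xml:"AuthnInstant,attr"`
	AuthnContext AuthnContext `xml:"saml:AuthnContext"`
}

// BuildAssertionBlocks renders Conditions (with AudienceRestriction) and
// AuthnStatement for one audience and a validity window starting at now.
// Both must be placed in the assertion BEFORE the response is signed: the XML
// signature digests the element content, so editing the XML afterwards
// invalidates the signature (the "signature is not valid" result above).
func BuildAssertionBlocks(audience string, now time.Time, window time.Duration) (string, error) {
	ts := func(t time.Time) string { return t.UTC().Format(time.RFC3339Nano) }
	c := Conditions{NotBefore: ts(now), NotOnOrAfter: ts(now.Add(window)),
		AudienceRestriction: AudienceRestriction{Audience: audience}}
	a := AuthnStatement{AuthnInstant: ts(now), AuthnContext: AuthnContext{
		ClassRef: "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}}
	cb, err := xml.MarshalIndent(c, "", "  ")
	if err != nil {
		return "", err
	}
	ab, err := xml.MarshalIndent(a, "", "  ")
	if err != nil {
		return "", err
	}
	return string(cb) + "\n" + string(ab), nil
}
```

Keep the validity window short (the ten minutes in the original snippet is a reasonable default): NotOnOrAfter and the audience value are what stop a captured response from being replayed later or presented to a different service provider.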
