ComponentSpace

Forums



The SAML response signature failed to verify.


The SAML response signature failed to verify.

Author
Message
mayur4monto
mayur4monto
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 47
I am getting this error randomly like every one / two days. if I change something in web.config file in service provider project/ then it will start working again but it again failed in next one or two days 

what can be the problem here ?

[1/25/2021 2:11:43 AM] INFO[ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
 at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState)
 at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e) in c:\inetpub\vhosts\httpdocs\SAML\AssertionConsumerService.aspx.cs:line 35]
mayur4monto
mayur4monto
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 47
mayur4monto - 1/25/2021
I am getting this error randomly like every one / two days. if I change something in web.config file in service provider project/ then it will start working again but it again failed in next one or two days 

what can be the problem here ?

[1/25/2021 2:11:43 AM] INFO[ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.VerifySAMLResponseSignature(XmlElement samlResponseElement)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ProcessSAMLResponse(XmlElement samlResponseElement, Boolean& isInResponseTo, String& authnContext, String& userName, SAMLAttribute[]& attributes)
 at ComponentSpace.SAML2.InternalSAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, SAMLAttribute[]& attributes, String& relayState)
 at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequest httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState)
 at SAML_AssertionConsumerService.Page_Load(Object sender, EventArgs e) in c:\inetpub\vhosts\httpdocs\SAML\AssertionConsumerService.aspx.cs:line 35]

11892/157: 1/25/2021 2:53:31 AM: Initiation of SSO to the partner identity provider hlx has completed successfully.
11892/145: 1/25/2021 2:53:32 AM: Receiving an SSO response from a partner identity provider.
11892/145: 1/25/2021 2:53:32 AM: Service provider session (e9c1a628-da66-4873-ae72-3fe9fa8fce09) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: hlx
Relay state:
In response to: _080f55aa-4657-48db-b3c9-76a1e13e6434

11892/145: 1/25/2021 2:53:32 AM: Receiving response over HTTP POST.
11892/145: 1/25/2021 2:53:32 AM: HTTPS request:
POST /SAML/AssertionConsumerService.aspx HTTP/1.1
Cache-Control: max-age=0
Connection: close
Content-Length: 6129
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: SAML_SessionId=e9c1a628-da66-4873-ae72-3fe9fa8fce09
Host: example.com
Referer: https://signon.example.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36 Edg/87.0.664.75
upgrade-insecure-requests: 1
origin: https://signon.example.com
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document

SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfMTk5ZjNhYjItMDgwZS00MGQwLWJkZDUtZjE3MGE4NjFhMmNlIiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIERlc3RpbmF0aW9uPSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BaGx4PC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48UmVmZXJlbmNlIFVSST0iI18xOTlmM2FiMi0wODBlLTQwZDAtYmRkNS1mMTcwYTg2MWEyY2UiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48SW5jbHVzaXZlTmFtZXNwYWNlcyBQcmVmaXhMaXN0PSIjZGVmYXVsdCBzYW1scCBzYW1sIGRzIHhzIHhzaSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM%2BPERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU%2BRExnOXFPWTdtM0dkcGlSc2FJU01MR1k2bkQyUEswVVRFU1h0N05sMk5LQT08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU%2BUWJyU1lKYnhYUnY4Vm1IckoxU3pZakNhM3VKckV5TWtRTGtYTDNrNlMrcFNyVkYxNWdjTC96YkF2U01DOTMwaUNmUXZJWEh6MWN3Q1lJS0EwOEdGYzBjNi8vRVR3VTlQZ0c2Z2tkYW8ycUJ6dkF0dWxrUE92Sy9pQlVYVkdzWWJVMnVZbVBvNEhiNnJSMzlrakpvbWpsSFlEQTVUVS81V0NIM3JyY1ladlBKM0ttMWNsZjdQc21ZZXpjaUhWcFNaMW9pS3VXOHJ1eG9qOG5Pcll1cFdKcUdqUHlLZlBTZC9yeHR4QURsYUlqOHIvMTdicWNLQ1A0Z0JGRlYreEJHcWs2WFF2QldLTFNreUZPTWl0MTEwaE1PQTd4YWxwR3o4cVovQ3pQNXdHTlI3dGZ6dWFuSGNKem1TUG9WSVd1eWgxakc5cEZWMVQrNVE2MHRSYTZGMC93PT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSURBVENDQWVtZ0F3SUJBZ0lRZFBEci9pSTFqYmhETVRqNVZZeWErVEFOQmdrcWhraUc5dzBCQVFzRkFEQVdNUlF3RWdZRFZRUURFd3QzZDNjdWFXUndMbU52YlRBZUZ3MHhNekV4TWpJd09ESXdOVEphRncwME9URXlNekV4TkRBd01EQmFNQll4RkRBU0JnTlZCQU1UQzNkM2R5NXBaSEF1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBaTBYSlJMRHJjYlN5cVVkOFhHNEJneE9iUU1ZTEFrRU5sbUpPc0FFcGwxeE1hYlVpcTFYNHYwRmM4WmFDcFVFM2ZGR0VOTUVXZ0JqblFVVUUwV3RWVWg1SlBNc3Vrb2xmOXFsamJKa0NrdkhYSDNPNFVlbjd2QTJvTlFXdDRiSzk2U3BYQURwWktGdnBrNEQ3YnRLT2dVL05hbWppcXdISTRmSThrRkpLd0tCSmNoUlBVUWRDNGxqUlJtR0lyU25wWSt0MjUvZDNLR1h3YmU5WjJNR0d5Mmh5QTB0Z09XdWNoSUsrMXZBS0tCVWg5bkRFWGZyODAreFc2ODB3NVRxSHlEY3FiV3ZRc1hYaEgweVpMZklOS05TNi9Jb2pIUHNCeTd0ZjM2Q2s5SDVQdysxUFB1Nk56QkZTejVaa0M4S3pyUzZ2dVpYYy9JbVlybmhlTVFzcXFRSURBUUFCbzBzd1NUQkhCZ05WSFFFRVFEQStnQkQ0ZFk0TUNQRW1HNHN4WnJjbmk4dnRvUmd3RmpFVU1CSUdBMVVFQXhNTGQzZDNMbWxrY0M1amIyMkNFSFR3Ni80aU5ZMjRRekU0K1ZXTW12a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmhhazJhUjg0TUNkeVhPNEFLT1F2Wnlic0NNZGhScTJpMWkwV2hENC94ZTdSeTVoYUM2VGVYSXA4UTRjQzNNenNyRGFsNzR4SEk3MTRCVzBsb2FmcEhBc1hmZDlFdmtLVFZhSisxWnBlMTYrU3NUTDR1cFMxY0d5ZGlncXdVenNkcEdjazR3STFtb0o5NDc3Tys0NklmMmdGMjd1OUNkazdPbnhlLzVkd0xJeFdta1ZSZGJRSUg1R3NLVWVBak9kUlFteStYMU1YNkt5Um9hQ3dXR1l3eGk1U2ErciszQXREdkQ0QlgwRUpHS0ZaZWVNM0oveU1wWWgvNzVhTjBjRlFmREVkSjdDNU5FMHZvbmlkRTBRdElGdnNvV3RaVXR1cjJmaVc3eUJ4c2UzOFRQUXNpMnI2QTZjL1Rac1o1YnEzMXloM2dyM2tTTjYySDhpVktMUUxBPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE%2BPC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXM%2BPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOklzc3Vlcj5obHg8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q%2BPHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnBhY2s8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDEtMjVUMDc6NTY6MzEuNzM1WiIgUmVjaXBpZW50PSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIC8%2BPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24%2BPC9zYW1sOlN1YmplY3Q%2BPHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjEtMDEtMjVUMDc6NTA6MzEuNzM1WiIgTm90T25PckFmdGVyPSIyMDIxLTAxLTI1VDA3OjU2OjMxLjczNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPHNhbWw6QXVkaWVuY2U%2BY2VxdWFzbGlkZXNzZXJ2aWNlcHJvdmlkZXI8L3NhbWw6QXVkaWVuY2U%2BPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24%2BPC9zYW1sOkNvbmRpdGlvbnM%2BPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIFNlc3Npb25JbmRleD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOnVuc3BlY2lmaWVkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idXNlcmlkICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj43MzM8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZmlyc3RuYW1lICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5QYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3RuYW1lICI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5KYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U%2B
11892/145: 1/25/2021 2:53:32 AM: Form variable SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfMTk5ZjNhYjItMDgwZS00MGQwLWJkZDUtZjE3MGE4NjFhMmNlIiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIERlc3RpbmF0aW9uPSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48c2FtbDpJc3N1ZXIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aGx4PC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48UmVmZXJlbmNlIFVSST0iI18xOTlmM2FiMi0wODBlLTQwZDAtYmRkNS1mMTcwYTg2MWEyY2UiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj48SW5jbHVzaXZlTmFtZXNwYWNlcyBQcmVmaXhMaXN0PSIjZGVmYXVsdCBzYW1scCBzYW1sIGRzIHhzIHhzaSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+PERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48RGlnZXN0VmFsdWU+RExnOXFPWTdtM0dkcGlSc2FJU01MR1k2bkQyUEswVVRFU1h0N05sMk5LQT08L0RpZ2VzdFZhbHVlPjwvUmVmZXJlbmNlPjwvU2lnbmVkSW5mbz48U2lnbmF0dXJlVmFsdWU+UWJyU1lKYnhYUnY4Vm1IckoxU3pZakNhM3VKckV5TWtRTGtYTDNrNlMrcFNyVkYxNWdjTC96YkF2U01DOTMwaUNmUXZJWEh6MWN3Q1lJS0EwOEdGYzBjNi8vRVR3VTlQZ0c2Z2tkYW8ycUJ6dkF0dWxrUE92Sy9pQlVYVkdzWWJVMnVZbVBvNEhiNnJSMzlrakpvbWpsSFlEQTVUVS81V0NIM3JyY1ladlBKM0ttMWNsZjdQc21ZZXpjaUhWcFNaMW9pS3VXOHJ1eG9qOG5Pcll1cFdKcUdqUHlLZlBTZC9yeHR4QURsYUlqOHIvMTdicWNLQ1A0Z0JGRlYreEJHcWs2WFF2QldLTFNreUZPTWl0MTEwaE1PQTd4YWxwR3o4cVovQ3pQNXdHTlI3dGZ6dWFuSGNKem1TUG9WSVd1eWgxakc5cEZWMVQrNVE2MHRSYTZGMC93PT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSURBVENDQWVtZ0F3SUJBZ0lRZFBEci9pSTFqYmhETVRqNVZZeWErVEFOQmdrcWhraUc5dzBCQVFzRkFEQVdNUlF3RWdZRFZRUURFd3QzZDNjdWFXUndMbU52YlRBZUZ3MHhNekV4TWpJd09ESXdOVEphRncwME9URXlNekV4TkRBd01EQmFNQll4RkRBU0JnTlZCQU1UQzNkM2R5NXBaSEF1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBaTBYSlJMRHJjYlN5cVVkOFhHNEJneE9iUU1ZTEFrRU5sbUpPc0FFcGwxeE1hYlVpcTFYNHYwRmM4WmFDcFVFM2ZGR0VOTUVXZ0JqblFVVUUwV3RWVWg1SlBNc3Vrb2xmOXFsamJKa0NrdkhYSDNPNFVlbjd2QTJvTlFXdDRiSzk2U3BYQURwWktGdnBrNEQ3YnRLT2dVL05hbWppcXdISTRmSThrRkpLd0tCSmNoUlBVUWRDNGxqUlJtR0lyU25wWSt0MjUvZDNLR1h3YmU5WjJNR0d5Mmh5QTB0Z09XdWNoSUsrMXZBS0tCVWg5bkRFWGZyODAreFc2ODB3NVRxSHlEY3FiV3ZRc1hYaEgweVpMZklOS05TNi9Jb2pIUHNCeTd0ZjM2Q2s5SDVQdysxUFB1Nk56QkZTejVaa0M4S3pyUzZ2dVpYYy9JbVlybmhlTVFzcXFRSURBUUFCbzBzd1NUQkhCZ05WSFFFRVFEQStnQkQ0ZFk0TUNQRW1HNHN4WnJjbmk4dnRvUmd3RmpFVU1CSUdBMVVFQXhNTGQzZDNMbWxrY0M1amIyMkNFSFR3Ni80aU5ZMjRRekU0K1ZXTW12a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQmhhazJhUjg0TUNkeVhPNEFLT1F2Wnlic0NNZGhScTJpMWkwV2hENC94ZTdSeTVoYUM2VGVYSXA4UTRjQzNNenNyRGFsNzR4SEk3MTRCVzBsb2FmcEhBc1hmZDlFdmtLVFZhSisxWnBlMTYrU3NUTDR1cFMxY0d5ZGlncXdVenNkcEdjazR3STFtb0o5NDc3Tys0NklmMmdGMjd1OUNkazdPbnhlLzVkd0xJeFdta1ZSZGJRSUg1R3NLVWVBak9kUlFteStYMU1YNkt5Um9hQ3dXR1l3eGk1U2ErciszQXREdkQ0QlgwRUpHS0ZaZWVNM0oveU1wWWgvNzVhTjBjRlFmREVkSjdDNU5FMHZvbmlkRTBRdElGdnNvV3RaVXR1cjJmaVc3eUJ4c2UzOFRQUXNpMnI2QTZjL1Rac1o1YnEzMXloM2dyM2tTTjYySDhpVktMUUxBPTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gVmVyc2lvbj0iMi4wIiBJRD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSIgSXNzdWVJbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOklzc3Vlcj5obHg8L3NhbWw6SXNzdWVyPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnBhY2s8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMjEtMDEtMjVUMDc6NTY6MzEuNzM1WiIgUmVjaXBpZW50PSJodHRwczovL2NlcXVhc2xpZGVzLmNvbS9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZS5hc3B4IiBJblJlc3BvbnNlVG89Il8wODBmNTVhYS00NjU3LTQ4ZGItYjNjOS03NmExZTEzZTY0MzQiIC8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMjEtMDEtMjVUMDc6NTA6MzEuNzM1WiIgTm90T25PckFmdGVyPSIyMDIxLTAxLTI1VDA3OjU2OjMxLjczNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+Y2VxdWFzbGlkZXNzZXJ2aWNlcHJvdmlkZXI8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIxLTAxLTI1VDA3OjUzOjMxLjczNVoiIFNlc3Npb25JbmRleD0iXzdmZDdiNjcxLTc0MDEtNDQxMi1iODBhLWQyN2Y3NTRhODJiYSI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOnVuc3BlY2lmaWVkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ+PC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDpBdHRyaWJ1dGUgTmFtZT0idXNlcmlkICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj43MzM8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZmlyc3RuYW1lICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5QYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3RuYW1lICI+PHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj5KYWNrPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
11892/145: 1/25/2021 2:53:32 AM: The decoded base-64 string is: <samlp:Response ID="_199f3ab2-080e-40d0-bdd5-f170a861a2ce" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" Version="2.0" IssueInstant="2021-01-25T07:53:31.735Z" Destination="https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_199f3ab2-080e-40d0-bdd5-f170a861a2ce"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=</DigestValue></Reference></SignedInfo><SignatureValue>QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7fd7b671-7401-4412-b80a-d27f754a82ba" IssueInstant="2021-01-25T07:53:31.735Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T07:56:31.735Z" Recipient="https://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T07:50:31.735Z" NotOnOrAfter="2021-01-25T07:56:31.735Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T07:53:31.735Z" SessionIndex="_7fd7b671-7401-4412-b80a-d27f754a82ba"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
11892/145: 1/25/2021 2:53:32 AM: Received SAML message: <samlp:Response ID="_199f3ab2-080e-40d0-bdd5-f170a861a2ce" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" Version="2.0" IssueInstant="2021-01-25T07:53:31.735Z" Destination="https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_199f3ab2-080e-40d0-bdd5-f170a861a2ce"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=</DigestValue></Reference></SignedInfo><SignatureValue>QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7fd7b671-7401-4412-b80a-d27f754a82ba" IssueInstant="2021-01-25T07:53:31.735Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T07:56:31.735Z" Recipient="https://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T07:50:31.735Z" NotOnOrAfter="2021-01-25T07:56:31.735Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T07:53:31.735Z" SessionIndex="_7fd7b671-7401-4412-b80a-d27f754a82ba"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
11892/145: 1/25/2021 2:53:32 AM: Received response over HTTP POST, samlMessage=<samlp:Response ID="_199f3ab2-080e-40d0-bdd5-f170a861a2ce" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" Version="2.0" IssueInstant="2021-01-25T07:53:31.735Z" Destination="https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_199f3ab2-080e-40d0-bdd5-f170a861a2ce"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=</DigestValue></Reference></SignedInfo><SignatureValue>QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7fd7b671-7401-4412-b80a-d27f754a82ba" IssueInstant="2021-01-25T07:53:31.735Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T07:56:31.735Z" Recipient="https://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T07:50:31.735Z" NotOnOrAfter="2021-01-25T07:56:31.735Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T07:53:31.735Z" SessionIndex="_7fd7b671-7401-4412-b80a-d27f754a82ba"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>, relayState=
11892/145: 1/25/2021 2:53:32 AM: SAML message received: partner=hlx, message=<samlp:Response ID="_199f3ab2-080e-40d0-bdd5-f170a861a2ce" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" Version="2.0" IssueInstant="2021-01-25T07:53:31.735Z" Destination="https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_199f3ab2-080e-40d0-bdd5-f170a861a2ce"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=</DigestValue></Reference></SignedInfo><SignatureValue>QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7fd7b671-7401-4412-b80a-d27f754a82ba" IssueInstant="2021-01-25T07:53:31.735Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T07:56:31.735Z" Recipient="https://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T07:50:31.735Z" NotOnOrAfter="2021-01-25T07:56:31.735Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T07:53:31.735Z" SessionIndex="_7fd7b671-7401-4412-b80a-d27f754a82ba"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>, relay state=
11892/145: 1/25/2021 2:53:32 AM: Verifying the SAML response signature.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been retrieved from the cache.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Verifying the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Failed to verify the XML signature.
11892/145: 1/25/2021 2:53:32 AM: Signed XML: <samlp:Response ID="_199f3ab2-080e-40d0-bdd5-f170a861a2ce" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" Version="2.0" IssueInstant="2021-01-25T07:53:31.735Z" Destination="https://example.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_199f3ab2-080e-40d0-bdd5-f170a861a2ce"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>DLg9qOY7m3GdpiRsaISMLGY6nD2PK0UTESXt7Nl2NKA=</DigestValue></Reference></SignedInfo><SignatureValue>QbrSYJbxXRv8VmHrJ1SzYjCa3uJrEyMkQLkXL3k6S+pSrVF15gcL/zbAvSMC930iCfQvIXHz1cwCYIKA08GFc0c6//ETwU9PgG6gkdao2qBzvAtulkPOvK/iBUXVGsYbU2uYmPo4Hb6rR39kjJomjlHYDA5TU/5WCH3rrcYZvPJ3Km1clf7PsmYezciHVpSZ1oiKuW8ruxoj8nOrYupWJqGjPyKfPSd/rxtxADlaIj8r/17bqcKCP4gBFFV+xBGqk6XQvBWKLSkyFOMit110hMOA7xalpGz8qZ/CzP5wGNR7tfzuanHcJzmSPoVIWuyh1jG9pFV1T+5Q60tRa6F0/w==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_7fd7b671-7401-4412-b80a-d27f754a82ba" IssueInstant="2021-01-25T07:53:31.735Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T07:56:31.735Z" Recipient="https://example.com/SAML/AssertionConsumerService.aspx" InResponseTo="_080f55aa-4657-48db-b3c9-76a1e13e6434" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T07:50:31.735Z" NotOnOrAfter="2021-01-25T07:56:31.735Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T07:53:31.735Z" SessionIndex="_7fd7b671-7401-4412-b80a-d27f754a82ba"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>.
11892/145: 1/25/2021 2:53:32 AM: The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.
11892/145: 1/25/2021 2:53:32 AM: The verifying key type is RSACryptoServiceProvider.
11892/145: 1/25/2021 2:53:32 AM: The verifying key's associated cryptographic service provider is "".
11892/145: 1/25/2021 2:53:32 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
It's odd that this is an intermittent issue. It looks like there's a certificate configuration mismatch which would be a persistent issue.

The log includes:

The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.

What this means is that the dexcom.hlxbureau.com certificate is configured in your SP to be used to verify signatures from the IdP. However, the www.idp.com certificate is embedded in the XML signature from the IdP.

Please ensure that the correct certificate is configured at the IdP and that this isn't being changed.



Regards
ComponentSpace Development
mayur4monto
mayur4monto
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 47
Please see below log

both certificate are same still it says Failed to verify Signature 

11892/190: 1/25/2021 12:18:31 AM: SAML message received: partner=hlx, message=<samlp:Response ID="_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1" InResponseTo="_d988320e-56e6-449d-b3b9-45f69e427539" Version="2.0" IssueInstant="2021-01-25T05:18:31.132Z" Destination="https://cequaslides.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>SYZhtvoo6zHjSuAgXKIB3yblBVDqlKV4PFCVm5p8aYk=</DigestValue></Reference></SignedInfo><SignatureValue>hOd3S1eTjg2tVAja5doRUcHmyamr38eTifzQiuyOjIejkrzQiU0Kom/DPuADOMAfYT9315cXviDC0z9o+rjpN1gzJfM7/pjM5ruZhi9zAcVGaY5yZhcdTxI7kZOLo+mtEVF+GRUSGrgOIzTmB0Gfn3uLwxzUb1at38QurN61JDP6b77KSQP0oRFRRgOcI8tWuhES6IVKICgDIq5TNqSgfEClHOW9bOz3Q3DQ5jZrLbAf/gcRxZ+d7PyeC5mKpOfDcboN4tbiQLRacNdqDKlIjX0GATcTaKMN9XNtAHorot7YHiRvOhYZYycnieM+8jWlAB+vd5Bjk6spmlQ4duaz+g==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_63e1f317-2ec6-4fac-9e35-c11c1ed07be7" IssueInstant="2021-01-25T05:18:31.132Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T05:21:31.132Z" Recipient="https://cequaslides.com/SAML/AssertionConsumerService.aspx" InResponseTo="_d988320e-56e6-449d-b3b9-45f69e427539" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T05:15:31.132Z" NotOnOrAfter="2021-01-25T05:21:31.132Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T05:18:31.132Z" SessionIndex="_63e1f317-2ec6-4fac-9e35-c11c1ed07be7"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>, relay state=
11892/190: 1/25/2021 12:18:31 AM: Verifying the SAML response signature.
11892/190: 1/25/2021 12:18:31 AM: Loading the X.509 certificate from the file C:\Inetpub\vhosts\cequaslides.com\httpdocs\Certificates\idp.cer.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been loaded.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E has been cached.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Verifying the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Failed to verify the XML signature.
11892/190: 1/25/2021 12:18:31 AM: Signed XML: <samlp:Response ID="_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1" InResponseTo="_d988320e-56e6-449d-b3b9-45f69e427539" Version="2.0" IssueInstant="2021-01-25T05:18:31.132Z" Destination="https://cequaslides.com/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">hlx</saml:Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><Reference URI="#_aa58d6ea-0f6c-4dfc-b13e-22898e9c87b1"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><DigestValue>SYZhtvoo6zHjSuAgXKIB3yblBVDqlKV4PFCVm5p8aYk=</DigestValue></Reference></SignedInfo><SignatureValue>hOd3S1eTjg2tVAja5doRUcHmyamr38eTifzQiuyOjIejkrzQiU0Kom/DPuADOMAfYT9315cXviDC0z9o+rjpN1gzJfM7/pjM5ruZhi9zAcVGaY5yZhcdTxI7kZOLo+mtEVF+GRUSGrgOIzTmB0Gfn3uLwxzUb1at38QurN61JDP6b77KSQP0oRFRRgOcI8tWuhES6IVKICgDIq5TNqSgfEClHOW9bOz3Q3DQ5jZrLbAf/gcRxZ+d7PyeC5mKpOfDcboN4tbiQLRacNdqDKlIjX0GATcTaKMN9XNtAHorot7YHiRvOhYZYycnieM+8jWlAB+vd5Bjk6spmlQ4duaz+g==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate></X509Data></KeyInfo></Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><saml:Assertion Version="2.0" ID="_63e1f317-2ec6-4fac-9e35-c11c1ed07be7" IssueInstant="2021-01-25T05:18:31.132Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>hlx</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">pack</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2021-01-25T05:21:31.132Z" Recipient="https://cequaslides.com/SAML/AssertionConsumerService.aspx" InResponseTo="_d988320e-56e6-449d-b3b9-45f69e427539" /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2021-01-25T05:15:31.132Z" NotOnOrAfter="2021-01-25T05:21:31.132Z"><saml:AudienceRestriction><saml:Audience>cequaslidesserviceprovider</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2021-01-25T05:18:31.132Z" SessionIndex="_63e1f317-2ec6-4fac-9e35-c11c1ed07be7"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="userid "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">733</saml:AttributeValue></saml:Attribute><saml:Attribute Name="firstname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Pack</saml:AttributeValue></saml:Attribute><saml:Attribute Name="lastname "><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">Jack</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>.
11892/190: 1/25/2021 12:18:31 AM: The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature.
11892/190: 1/25/2021 12:18:31 AM: The verifying key type is RSACryptoServiceProvider.
11892/190: 1/25/2021 12:18:31 AM: The verifying key's associated cryptographic service provider is "".
11892/190: 1/25/2021 12:18:31 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The SAML response signature failed to verify.

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
I'm not sure what you mean. This trace is the same as the previous and shows the certificates are different.

The X.509 certificate with subject name CN=dexcom.hlxbureau.com, C=NO, serial number 0D2EBAF0 and thumbprint A4ADD47B8AB3CA043F6A7652835E3255E8DAAD2E is being used to verify the XML signature.

The X.509 certificate with subject name CN=www.idp.com, serial number 74F0EBFE22358DB8433138F9558C9AF9 and thumbprint A6A4AE4E0B378EC73678E5812690AF50E3EC3769 is embedded in the XML signature. 

Regards
ComponentSpace Development
mayur4monto
mayur4monto
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 47
Our Identity Provider has provided certificate. 

I want to test that certificate with the demo application 

so when I replace that certificate with idp.cer file in both service provider and identity provider demo  project it gives error 

Can you let me know how can I test the certificate? with demo application 



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
If the www.idp.com test certificate is the correct one, update your service provider's saml.config to specify this as the partner certificate file. For example:


<PartnerIdentityProvider
  Name="..."
  <PartnerCertificates>
   <Certificate FileName="Certificates\idp.cer"/>
  </PartnerCertificates>
 </PartnerIdentityProvider>



The idp.cer file will be used to attempt to verify XML signatures from this identity provider.

Regards
ComponentSpace Development
mayur4monto
mayur4monto
New Member
New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)New Member (8 reputation)

Group: Forum Members
Posts: 6, Visits: 47
ComponentSpace - 1/27/2021
If the www.idp.com test certificate is the correct one, update your service provider's saml.config to specify this as the partner certificate file. For example:


<PartnerIdentityProvider
  Name="..."
  <PartnerCertificates>
   <Certificate FileName="Certificates\idp.cer"/>
  </PartnerCertificates>
 </PartnerIdentityProvider>



The idp.cer file will be used to attempt to verify XML signatures from this identity provider.

Hello,

dexcom.hlxbureau.com is the certificate that I need to use. 

So in the demo application 
1 Identity provider - I am modifying  idp.cer by opening it to notepad, update the certificate code and save it 
2 Servuce Provider - I am modifying  idp.cer by opening it to notepad, update the certificate code and save it 

so that why I am updating existing cer file  but I am getting above error

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Do you have the private key for the dexcom.hlxbureau.com certificate?

The identity provider would need this to sign the SAML response.

If you do, you have to update the idp.pfx which is the local certificate for the identity provider. It doesn't use the idp.cer file.

The identity provider signs with the private key (eg idp.pfx) and the service provider verifies with the corresponding public key (eg idp.cer).

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search