moov-io/signedxml

This only works with the example certificate

aapi-rp opened this issue · 4 comments

This is a fantastic development effort. I am using it to sign my SAML assertion and it's accepted at all IdPs. There is one issue however: the signature can only be verified if I use the example certificate that comes in the package. Can someone please tell me how to create a cert that works, using openssl, for development?

If you give me this information, I am going to release a SAML package that will generate a proper SAML Response. This will be the first native golang SAML implementation that actually works and produces a SAML response in a logical manner. I had to build my own SAML library because nothing on GitHub worked properly.

I'm not sure of the exact problem you're running into, but there are several ways to create a cert for signing. A few options:

Thank you for the reply. Basically, what's happening is: if I use the www.example.com certificate that you created during development, then the signature is validated properly at the service provider, but when I try to use any certificate that I generate using openssl, the signature is generated properly in the SAML and yet signature verification fails at the service provider.
I was just wondering what your step-by-step process was for generating the www.example.com certificate so I can mimic it on my side. This is the only thing keeping me from releasing my library on GitHub with your library as a dependency. This will be the first true native SAML library on GitHub using Go.

Removed

This was actually a coding issue, it seems to be working now. There was a block of code expecting a PKCS1 certificate so it was messing everything up.

Thank you for your help, you can close this.
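The root cause reported above (a code path that only understood a PKCS#1-encoded key, so keys written by openssl in the other common encoding were mishandled and every signature except the one made with the bundled example material failed to verify) is a recurring trap. The Go program below is an added example and is not code from signedxml or from the reporter's SAML library. It uses only the standard library: an RSA key is serialised in both PEM forms that openssl can emit, parsed back by a loader that accepts either, and then used for an RSA-SHA256 sign/verify round trip that stands in for the XML-DSig SignatureValue step (the canonicalised SignedInfo is replaced by a constructed byte string). A deliberately strict PKCS#1-only loader is kept alongside to show the failure mode. Function names and the sample message are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// parseRSAPrivateKey accepts a PEM-encoded RSA private key in either
// PKCS#1 ("BEGIN RSA PRIVATE KEY") or PKCS#8 ("BEGIN PRIVATE KEY") form.
// Dispatching on the PEM block type is what the reporter's fixed code had to do.
func parseRSAPrivateKey(pemBytes []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY":
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY":
		key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		rsaKey, ok := key.(*rsa.PrivateKey)
		if !ok {
			return nil, fmt.Errorf("PKCS#8 key is %T, not RSA", key)
		}
		return rsaKey, nil
	default:
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
}

// parsePKCS1Only is the strict loader that reproduces the bug: it ignores the
// block type and hands every DER payload to the PKCS#1 parser.
func parsePKCS1Only(pemBytes []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	return x509.ParsePKCS1PrivateKey(block.Bytes)
}

// encodeBoth writes one key in both PEM forms, standing in for the two kinds
// of file openssl can produce.
func encodeBoth(key *rsa.PrivateKey) (pkcs1, pkcs8 []byte, err error) {
	pkcs1 = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	pkcs8 = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	return pkcs1, pkcs8, nil
}

// signAndVerify performs RSA-SHA256 (PKCS#1 v1.5) over a digest, as an
// XML-DSig rsa-sha256 SignatureValue does over canonicalised SignedInfo, then
// verifies with the public key a service provider would take from the certificate.
func signAndVerify(key *rsa.PrivateKey, msg []byte) error {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(&key.PublicKey, crypto.SHA256, digest[:], sig)
}

// roundTrip returns nil only if a fresh key survives both PEM encodings via
// the permissive loader and each parsed copy yields a verifiable signature.
func roundTrip() error {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	pkcs1, pkcs8, err := encodeBoth(key)
	if err != nil {
		return err
	}
	// Constructed stand-in for a canonicalised <ds:SignedInfo> element.
	signedInfo := []byte("<ds:SignedInfo>constructed sample</ds:SignedInfo>")
	for _, p := range [][]byte{pkcs1, pkcs8} {
		parsed, err := parseRSAPrivateKey(p)
		if err != nil {
			return err
		}
		if parsed.D.Cmp(key.D) != 0 {
			return errors.New("parsed key differs from original")
		}
		if err := signAndVerify(parsed, signedInfo); err != nil {
			return err
		}
	}
	return nil
}

// strictLoaderRejectsPKCS8 reports whether the PKCS#1-only loader fails on a
// PKCS#8 file while still accepting the PKCS#1 file (the reported symptom).
func strictLoaderRejectsPKCS8() (bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	pkcs1, pkcs8, err := encodeBoth(key)
	if err != nil {
		return false, err
	}
	_, errP1 := parsePKCS1Only(pkcs1)
	_, errP8 := parsePKCS1Only(pkcs8)
	return errP1 == nil && errP8 != nil, nil
}

func main() {
	if err := roundTrip(); err != nil {
		fmt.Println("round trip failed:", err)
		return
	}
	rejected, _ := strictLoaderRejectsPKCS8()
	fmt.Println("both encodings sign and verify; strict loader rejects PKCS#8:", rejected)
}
```

Which form a given openssl produces depends on the command and version: `openssl genrsa` on OpenSSL 1.x writes PKCS#1, while OpenSSL 3 writes PKCS#8 unless `-traditional` is given, and `openssl genpkey` or `openssl req -newkey` write PKCS#8. A loader that keys on the PEM block type, as above, works with whichever the developer happens to have.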