2 years ago

#67148


myquest2 sh

Error message "The response was received at http://myflask.loca.lt/ instead of https://myflask.loca.lt/?acs" when using OneLogin and python3-saml

I am implementing an SP using python3-saml for the OneLogin IdP. However, I get the error

The response was received at http://myflask.loca.lt/ instead of https://myflask.loca.lt/?acs

my saml/settings.json is given below

{
    "strict": true,
    "debug": true,
    "sp": {
        "entityId": "https://myflask.loca.lt/metadata/",
        "assertionConsumerService": {
            "url": "https://myflask.loca.lt/?acs",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        },
        "singleLogoutService": {
            "url": "https://myflask.loca.lt/?sls",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "NameIDFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "x509cert": "",
        "privateKey": ""
    },
    "idp": {
        "entityId": "https://app.onelogin.com/saml/metadata/ac64b1cf-7962-4f1d-a76f-80dece77a8d1",
        "singleSignOnService": {
            "url": "https://cognostics-dev.onelogin.com/trust/saml2/http-post/sso/ac64b1cf-7962-4f1d-a76f-80dece77a8d1",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "singleLogoutService": {
            "url": "https://cognostics-dev.onelogin.com/trust/saml2/http-redirect/slo/1645664",
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        },
        "x509cert": "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"
    }
}

I run my web application on localhost but use the "localtunnel" utility to get a public URL "https://myflask.loca.lt/" for it. Why am I getting the above error? How can it be fixed?

Added the SAML request as asked:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="ONELOGIN_5bec34ff09934c65e681b4d32174928ee110f161"
                    Version="2.0"
                    ProviderName="SP test"
                    IssueInstant="2022-01-19T05:31:58Z"
                    Destination="https://cognostics-dev.onelogin.com/trust/saml2/http-post/sso/ac64b1cf-7962-4f1d-a76f-80dece77a8d1"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    AssertionConsumerServiceURL="https://myflask.loca.lt/?acs"
                    >
    <saml:Issuer>https://myflask.loca.lt/metadata/</saml:Issuer>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                        AllowCreate="true"
                        />
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

Added the SAML response as asked:

<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                ID="pfx413bd5c8-e95e-cbbd-cdf7-1796daa0a0f5"
                Version="2.0"
                IssueInstant="2022-01-19T05:32:23Z"
                Destination="https://myflask.loca.lt/?acs"
                InResponseTo="ONELOGIN_5bec34ff09934c65e681b4d32174928ee110f161"
                >
    <saml:Issuer>https://app.onelogin.com/saml/metadata/ac64b1cf-7962-4f1d-a76f-80dece77a8d1</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#pfx413bd5c8-e95e-cbbd-cdf7-1796daa0a0f5">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>HT8pN7TU6YPYbznR+QcAtA9pzaY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>NQe2rkzYfyfmvhUDvkvKetIrh8Irm</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIID5TCCAs2gAwIBAgIUKKfNS</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    xmlns:xs="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    Version="2.0"
                    ID="A36f1fa7d9d562a03193e5ac0660979e3c1042edf"
                    IssueInstant="2022-01-19T05:32:23Z"
                    >
        <saml:Issuer>https://app.onelogin.com/saml/metadata/ac64b1cf-7962-4f1d-a76f-80dece77a8d1</saml:Issuer>
        <saml:Subject>
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">shardul.kumar@cognostics.de</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData NotOnOrAfter="2022-01-19T05:35:23Z"
                                              Recipient="https://myflask.loca.lt/?acs"
                                              InResponseTo="ONELOGIN_5bec34ff09934c65e681b4d32174928ee110f161"
                                              />
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions NotBefore="2022-01-19T05:29:23Z"
                         NotOnOrAfter="2022-01-19T05:35:23Z"
                         >
            <saml:AudienceRestriction>
                <saml:Audience>https://myflask.loca.lt/metadata/</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2022-01-19T05:32:22Z"
                             SessionNotOnOrAfter="2022-01-20T05:32:23Z"
                             SessionIndex="_676ec47c-c9c8-449a-839d-a14c79fb1178"
                             >
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

python

saml

onelogin

0 Answers
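The error text comes from the SP-side Destination check: python3-saml rebuilds the URL it believes the Response was POSTed to from the request_data dict the app hands it ('https', 'http_host', 'script_name'), and with "strict": true it requires the Response's Destination (https://myflask.loca.lt/?acs) to begin with that reconstructed URL. localtunnel terminates TLS at its edge and forwards to the Flask process over plain HTTP, so request.scheme is "http", "https" becomes "off", and the reconstructed URL is http://myflask.loca.lt/. The fix is to derive the scheme (and, if the tunnel rewrites it, the host) from the proxy's X-Forwarded-Proto / X-Forwarded-Host headers when building request_data, not to switch strict off, because that check is what stops a Response issued for one endpoint from being accepted at another. The block below is an added example, not code from the question or from python3-saml: it builds request_data in the shape the library documents, mirrors the Destination check so the failure and the fix can be seen side by side, and honours X-Forwarded-* only from a trusted peer so a direct client cannot spoof them. The sample request, the trusted-proxy address 127.0.0.1 (the local localtunnel client) and the assumption that the tunnel sets those headers are all constructed; the public_origin override is the fallback if it does not.

```python
"""Reconstruct the SP's 'received at' URL behind a TLS-terminating tunnel.

Added example, not code from the question or from python3-saml. It follows the
request_data layout python3-saml documents ('https', 'http_host', 'script_name',
'get_data', 'post_data') and mirrors its strict-mode Destination check; the
library's own implementation may differ in detail.
"""
from urllib.parse import urlsplit

# Constructed sample: what Flask sees when localtunnel forwards
# https://myflask.loca.lt/?acs to the local process over plain HTTP.
SAMPLE_REQUEST = {
    "scheme": "http",                       # request.scheme (TLS ended at the tunnel)
    "host": "myflask.loca.lt",              # request.host (Host header passed through)
    "path": "/",                            # request.path
    "args": {"acs": ""},                    # request.args
    "form": {"SAMLResponse": "..."},        # request.form (body elided)
    "headers": {"X-Forwarded-Proto": "https"},  # assumption: tunnel sets this
    "remote_addr": "127.0.0.1",             # assumption: local tunnel client
}

# Assumption: only the local tunnel client may set X-Forwarded-* headers.
TRUSTED_PROXIES = {"127.0.0.1"}


def prepare_request_data(req, trusted_proxies=TRUSTED_PROXIES, public_origin=None):
    """Build python3-saml style request_data from a Flask-like request dict.

    X-Forwarded-Proto/Host are honoured only when the immediate peer is a
    trusted proxy, so an untrusted client cannot rewrite the scheme/host the
    SP validates against. public_origin (e.g. "https://myflask.loca.lt") is a
    fallback for tunnels that set no forwarding headers at all.
    """
    scheme, host = req["scheme"], req["host"]
    if public_origin:
        parts = urlsplit(public_origin)
        scheme, host = parts.scheme, parts.netloc
    elif req["remote_addr"] in trusted_proxies:
        headers = req["headers"]
        # First value wins if a proxy chain appended several.
        scheme = headers.get("X-Forwarded-Proto", scheme).split(",")[0].strip()
        host = headers.get("X-Forwarded-Host", host).split(",")[0].strip()
    return {
        "https": "on" if scheme.lower() == "https" else "off",
        "http_host": host,
        "script_name": req["path"],
        "get_data": dict(req["args"]),
        "post_data": dict(req["form"]),
    }


def self_url_no_query(request_data):
    """URL the SP believes it received the POST at: scheme + host + path, no query."""
    scheme = "https" if request_data["https"] == "on" else "http"
    return f"{scheme}://{request_data['http_host']}{request_data['script_name']}"


def check_destination(request_data, destination):
    """Mirror of the strict-mode check: Destination must start with the URL we
    actually received the Response at. Returns (ok, message)."""
    current = self_url_no_query(request_data)
    if not destination.lower().startswith(current.lower()):
        return False, f"The response was received at {current} instead of {destination}"
    return True, "ok"


if __name__ == "__main__":
    dest = "https://myflask.loca.lt/?acs"
    # Naive request_data (scheme taken from request.scheme): reproduces the error.
    print(check_destination(prepare_request_data(SAMPLE_REQUEST, trusted_proxies=set()), dest))
    # Forwarded-header-aware request_data: passes.
    print(check_destination(prepare_request_data(SAMPLE_REQUEST), dest))
```

In the Flask app this means building the dict passed to OneLogin_Saml2_Auth from the forwarded headers (or letting werkzeug's ProxyFix middleware rewrite request.scheme and request.host from X-Forwarded-Proto / X-Forwarded-Host before the request reaches the view) and leaving "strict": true in place. Whatever honours those headers must only do so for the hop that actually terminates TLS; a client reaching the app directly must not be able to assert https. Separately, the posted Response is signed with rsa-sha1 and a sha1 digest; before this SP leaves development, confirm that the OneLogin application and the python3-saml security settings are both on SHA-256.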
