
SSO + SAML + LARAVEL  - Failed To Log In

Question asked by Ramesh Dhawale on Sep 10, 2019

I integrated SSO for logging in to Canvas from Laravel, but I am having an issue.

Can someone help me debug and fix this issue? Below are the details of the request and response.

 

Testing state:

Forwarding user to IdP for authentication
AuthnRequest sent to IdP
Request ID:
_883f6353-07d3-489f-9485-1af94bcf7766
LoginRequest encoded URL:
http://localhost:8888/auth?SAMLRequest=fVLBbtpAEL33K6y9G9tAsL0CJAqqipS0Frg95BJt1uOw0nrX3Rkn5O%2BzNtByaPDF0sx7b%2Ba9nTmKRrd81dHB7OBPB0jBsdEG%2BdBYsM4ZbgUq5EY0gJwk368e7vl4FPPWWbLSanZFuc0QiOBIWcOC7WbBnrJsUs8md5MwTqtJOM3yOsyn2V2YiDqfPss6TWczFvwGh56zYF7CExE72BokYciX4iQP4zxM4jKJeTzjSfrIgo33oYyggXUgankUaSuFPlgknvkvEt4yC1aXhdbWYNeA24N7VRJ%2B7e5PRPTMZJyO4lEySrzGizJR75MFxdn9V2UqZV5uG38%2BgZB%2FL8siLH7uS7ac9zp8sOOW5yX%2Fjeqb43l0jZmfHuuHV99uCquVfA%2B%2BWdcI%2Bny4lxoqqgrrAcqhEUqvqsoBog9Aa%2Fu2diAIFoxcByy6zDnfA1TDdfiACI4UrG3TCqewTxaOQtLFyDVqrf1L76Be3jwGyWWP8%2BXC%2F96sq%2FpMQfqRpRMGW%2BvonMB%2FxU%2B9Txb9272%2B7eWXDw%3D%3D
LoginRequest XML sent to IdP:
<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_883f6353-07d3-489f-9485-1af94bcf7766" Version="2.0" IssueInstant="2019-09-10T10:06:17Z" Destination="http://localhost:8888/auth" AssertionConsumerServiceURL="https://127.0.1.1/login/saml" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>http://127.0.1.1/saml2</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_cdda830de0646b14aa41565d87d05c449d8b11d1ec" Version="2.0" IssueInstant="2019-09-10T10:11:25Z" Destination="http://localhost:8080/login/saml">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8888/sso/metadata/GWwi2skPXtXlJ7q7</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_cdda830de0646b14aa41565d87d05c449d8b11d1ec">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>2HF1UouKqQmSWiS27Zo+oBJ9W04=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>LbES5KO1fmrWeEhgsc3U1O6iGeHrAtjdgyxa0gg8to45ODWQYUGDZ+F+LQ9kiHiZgrIpeEW+orprNrMDs1HRFpV8nwh04FGrAeBGOogMdlceq7WHFsVMSUJGRhXgLW1GVllAPQ1GItWPkqSrP4w4/cnfcQnoMaA3ctcNCYQgwRo=</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>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</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_489b5272cfd3a9e91131986d88ec8d5b3e94c70f0b" Version="2.0" IssueInstant="2019-09-10T10:11:25Z">
    <Issuer>http://localhost:8888/sso/metadata/GWwi2skPXtXlJ7q7</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">dan@navnorth.com</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="_3e6ad6d3-bbfa-4225-b837-911ea076f70b" NotOnOrAfter="2019-09-10T10:12:25Z" Recipient="https://127.0.1.1/login/saml"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2019-09-10T10:11:25Z" NotOnOrAfter="2019-09-10T10:12:25Z">
      <AudienceRestriction>
        <Audience>https://127.0.1.1/login/saml</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>dan@navnorth.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/claims/CommonName">
        <AttributeValue>Cartographi Admin</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2019-09-10T10:01:25Z" SessionIndex="_some_session_index">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
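
A consistency check over the request/response pair shown above, as an added example that is not part of the original post: it compares the fields an SP-side validator typically ties together (InResponseTo, Destination, Recipient, Audience). The XML is abridged from the post to the elements the checks read; `check_pair` is a hypothetical helper name, and which of these checks the Laravel SAML package in use actually enforces is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Abridged from the post: only the elements and attributes the checks read.
REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_883f6353-07d3-489f-9485-1af94bcf7766"
  AssertionConsumerServiceURL="https://127.0.1.1/login/saml">
  <saml:Issuer>http://127.0.1.1/saml2</saml:Issuer></samlp:AuthnRequest>"""

RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  Destination="http://localhost:8080/login/saml">
 <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Subject><SubjectConfirmation>
  <SubjectConfirmationData InResponseTo="_3e6ad6d3-bbfa-4225-b837-911ea076f70b"
    Recipient="https://127.0.1.1/login/saml"/></SubjectConfirmation></Subject>
  <Conditions><AudienceRestriction><Audience>https://127.0.1.1/login/saml</Audience>
  </AudienceRestriction></Conditions></Assertion></samlp:Response>"""


def check_pair(request_xml, response_xml):
    """Return (field, expected, actual) for every field that does not line up."""
    req = ET.fromstring(request_xml)
    resp = ET.fromstring(response_xml)
    acs = req.get("AssertionConsumerServiceURL")
    scd = resp.find(".//a:SubjectConfirmationData", NS)
    checks = [
        # The response must answer the request the SP actually sent.
        ("InResponseTo", req.get("ID"), scd.get("InResponseTo")),
        # Destination and Recipient must both be the SP's ACS URL.
        ("Destination", acs, resp.get("Destination")),
        ("Recipient", acs, scd.get("Recipient")),
        # Audience must be the SP entity ID (the AuthnRequest Issuer).
        ("Audience", req.findtext("a:Issuer", namespaces=NS),
         resp.findtext(".//a:Audience", namespaces=NS)),
    ]
    return [c for c in checks if c[1] != c[2]]


if __name__ == "__main__":
    for field, expected, actual in check_pair(REQUEST, RESPONSE):
        print(f"{field}: expected {expected!r}, got {actual!r}")
```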
