On 2019-04-09 at 21:20, Rainer Hoerbe <rainer at hoerbe.at> wrote:
Using a SAML2SAML configuration I get 'Unsupported sign algorithm
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'. pysaml2 has supported this
for a couple of years.
Has anybody encountered this?
- Rainer
[2019-04-09 21:01:44] [DEBUG]: [urn:uuid:0afc6b35-2ff2-436e-a7db-bb8d2fc877a0] Routing to frontend: Saml2IDP
[2019-04-09 21:01:44] [DEBUG]: [urn:uuid:0afc6b35-2ff2-436e-a7db-bb8d2fc877a0] Filter: ['name', 'telephoneNumber', 'surname', 'givenname', 'mail', 'uid', 'displayname', 'title']
[2019-04-09 21:01:44] [DEBUG]: frontend attribute displayName mapped from displayname
[2019-04-09 21:01:44] [DEBUG]: frontend attribute givenName mapped from givenname
[2019-04-09 21:01:44] [DEBUG]: frontend attribute email mapped from mail
[2019-04-09 21:01:44] [DEBUG]: frontend attribute cn mapped from name
[2019-04-09 21:01:44] [DEBUG]: frontend attribute sn mapped from surname
[2019-04-09 21:01:44] [DEBUG]: frontend attribute uid mapped from uid
[2019-04-09 21:01:44] [DEBUG]: [urn:uuid:0afc6b35-2ff2-436e-a7db-bb8d2fc877a0] returning attributes {"displayName": ["User Test"], "givenName": ["Test"], "email": ["test at bmspot.gv.at"], "cn": ["Test User"], "sn": ["User"], "uid": ["test at bmspot.gv.at"]}
[2019-04-09 21:01:44] [ERROR]: [urn:uuid:0afc6b35-2ff2-436e-a7db-bb8d2fc877a0] Unsupported sign algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
[2019-04-09 21:01:44] [ERROR]: [urn:uuid:0afc6b35-2ff2-436e-a7db-bb8d2fc877a0] Uncaught exception
Traceback (most recent call last):
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 366, in _handle_authn_response
    args['sign_alg'] = getattr(xmldsig, sign_alg)
AttributeError: module 'saml2.xmldsig' has no attribute 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 286, in run
    resp = self._run_bound_endpoint(context, spec)
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 228, in _run_bound_endpoint
    return spec(context)
  File "/opt/venv/lib/python3.6/site-packages/satosa/backends/saml2.py", line 238, in authn_response
    return self.auth_callback_func(context, self._translate_response(authn_response, context.state))
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 197, in _auth_resp_callback_func
    context, internal_response)
  File "/opt/venv/lib/python3.6/site-packages/satosa/micro_services/attribute_modifications.py", line 17, in process
    return super().process(context, data)
  File "/opt/venv/lib/python3.6/site-packages/satosa/micro_services/base.py", line 33, in process
    return self.next(context, data)
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 168, in _auth_resp_finish
    return frontend.handle_authn_response(context, internal_response)
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 84, in handle_authn_response
    return self._handle_authn_response(context, internal_response, self.idp)
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 370, in _handle_authn_response
    raise Exception(errmsg) from e
Exception: Unsupported sign algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
[2019-04-09 21:01:44] [ERROR]: Unknown error
Traceback (most recent call last):
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 366, in _handle_authn_response
    args['sign_alg'] = getattr(xmldsig, sign_alg)
AttributeError: module 'saml2.xmldsig' has no attribute 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 286, in run
    resp = self._run_bound_endpoint(context, spec)
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 228, in _run_bound_endpoint
    return spec(context)
  File "/opt/venv/lib/python3.6/site-packages/satosa/backends/saml2.py", line 238, in authn_response
    return self.auth_callback_func(context, self._translate_response(authn_response, context.state))
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 197, in _auth_resp_callback_func
    context, internal_response)
  File "/opt/venv/lib/python3.6/site-packages/satosa/micro_services/attribute_modifications.py", line 17, in process
    return super().process(context, data)
  File "/opt/venv/lib/python3.6/site-packages/satosa/micro_services/base.py", line 33, in process
    return self.next(context, data)
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 168, in _auth_resp_finish
    return frontend.handle_authn_response(context, internal_response)
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 84, in handle_authn_response
    return self._handle_authn_response(context, internal_response, self.idp)
  File "/opt/venv/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 370, in _handle_authn_response
    raise Exception(errmsg) from e
Exception: Unsupported sign algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/opt/venv/lib/python3.6/site-packages/satosa/proxy_server.py", line 113, in __call__
    resp = self.run(context)
  File "/opt/venv/lib/python3.6/site-packages/satosa/base.py", line 302, in run
    raise SATOSAUnknownError("Unknown error") from err
satosa.exception.SATOSAUnknownError: Unknown error
<saml2_frontend.yaml>
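The traceback above shows where the value goes wrong: line 366 of the saml2 frontend does getattr(xmldsig, sign_alg), and pysaml2's saml2.xmldsig module exposes the algorithms as module-level constants (SIG_RSA_SHA256, DIGEST_SHA256, ...) whose values are the URIs. Handing getattr the URI itself therefore raises AttributeError, even though the algorithm is supported. The following is an added example, not SATOSA or pysaml2 code: a start-up check that takes the signing settings of a frontend config in either spelling, normalises them to the constant name the frontend needs, fails fast on unknown values instead of on the first login, and refuses SHA-1. The constant table is copied from pysaml2's saml2.xmldsig as far as I know it (verify against the installed version); the config keys sign_alg/digest_alg and the config fragments are assumptions constructed for the example, not the poster's saml2_frontend.yaml.

```python
"""Pre-flight check for SATOSA saml2 frontend signing settings.

Added example, not SATOSA or pysaml2 code. The frontend resolves the
configured algorithm with getattr(saml2.xmldsig, name), so the value must be
the pysaml2 constant name (e.g. SIG_RSA_SHA256), not the algorithm URI. This
helper accepts either form, normalises to the constant name, and refuses SHA-1.
"""

# Constant name -> URI, as defined in pysaml2's saml2.xmldsig (RSA and digest
# subset only; check against the installed pysaml2 version).
SIGNATURE_ALGS = {
    "SIG_RSA_SHA1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "SIG_RSA_SHA224": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224",
    "SIG_RSA_SHA256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "SIG_RSA_SHA384": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "SIG_RSA_SHA512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
DIGEST_ALGS = {
    "DIGEST_SHA1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "DIGEST_SHA224": "http://www.w3.org/2001/04/xmldsig-more#sha224",
    "DIGEST_SHA256": "http://www.w3.org/2001/04/xmlenc#sha256",
    "DIGEST_SHA384": "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "DIGEST_SHA512": "http://www.w3.org/2001/04/xmlenc#sha512",
}
# Refused outright. SHA-1 is deprecated for XML-DSig in SAML deployments; the
# refusal is this example's policy, not something SATOSA enforces.
WEAK_ALGS = {"SIG_RSA_SHA1", "DIGEST_SHA1"}


def resolve_alg(value, table, kind):
    """Return the pysaml2 constant name for value, which may already be a
    constant name or may be the algorithm URI. Anything else is an error."""
    if value in table:
        return value
    by_uri = {uri: name for name, uri in table.items()}
    if value in by_uri:
        return by_uri[value]
    raise ValueError(
        "unsupported %s algorithm %r; use one of %s"
        % (kind, value, ", ".join(sorted(table)))
    )


def check_signing_config(frontend_config):
    """Validate sign_alg/digest_alg in a parsed frontend config (a dict, e.g.
    loaded from saml2_frontend.yaml; the key names are an assumption) and
    return the pair of constant names that getattr(xmldsig, ...) accepts.

    Both keys must be set explicitly (example policy: the library default must
    never decide the algorithm), and SHA-1 based choices are refused."""
    resolved = []
    for key, table, kind in (
        ("sign_alg", SIGNATURE_ALGS, "signature"),
        ("digest_alg", DIGEST_ALGS, "digest"),
    ):
        if key not in frontend_config:
            raise ValueError("%s is not set; set it explicitly" % key)
        name = resolve_alg(frontend_config[key], table, kind)
        if name in WEAK_ALGS:
            raise ValueError(
                "%s=%s is SHA-1 based; use SHA-256 or stronger" % (key, name)
            )
        resolved.append(name)
    return tuple(resolved)


def validation_error(frontend_config):
    """Return the error message for a bad config, or None if it validates."""
    try:
        check_signing_config(frontend_config)
    except ValueError as e:
        return str(e)
    return None


# Constructed config fragments (not the poster's saml2_frontend.yaml).
CONFIG_WITH_URI = {    # the spelling the traceback above trips over
    "sign_alg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digest_alg": "http://www.w3.org/2001/04/xmlenc#sha256",
}
CONFIG_WITH_NAMES = {  # the spelling getattr(xmldsig, ...) accepts
    "sign_alg": "SIG_RSA_SHA256",
    "digest_alg": "DIGEST_SHA256",
}
CONFIG_WITH_SHA1 = {"sign_alg": "SIG_RSA_SHA1", "digest_alg": "DIGEST_SHA1"}

if __name__ == "__main__":
    for label, cfg in (("uri", CONFIG_WITH_URI),
                       ("names", CONFIG_WITH_NAMES),
                       ("sha1", CONFIG_WITH_SHA1)):
        print(label, validation_error(cfg) or check_signing_config(cfg))
```

Run on the URI from the traceback, the check hands back SIG_RSA_SHA256, which is the spelling the frontend's getattr call can resolve; run at process start (before any AuthnRequest arrives) it turns the "Unknown error" a user would see mid-login into a configuration error at deploy time.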