Verifying SAML response – Signature verification failed: invalid padding

Facing the following issue while verifying the SAML response manually.

Signature verification failed: invalid padding

Sample:

from xml.etree import ElementTree
from signxml import XMLSigner, XMLVerifier
import os

# SP's own certificate and private key (not the IdP's)
cert = open(os.getcwd() + "/keys/sp-certificate.pem").read()
key = open(os.getcwd() + "/keys/sp-private-key.pem").read()

# SAML response as received; the Assertion already carries the IdP's enveloped signature
data = '''<samlp:Response Version="2.0" ID="jl1k7A6m...." IssueInstant="2023-11-17T07:03:52.988Z" InResponseTo="_115ad106a6b...." xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Pingfed_1sev</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="JQq6dGwr7jGk....n" IssueInstant="2023-11-17T07:03:52.995Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>Pingfed_1sev</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#JQq6dGwr7jGksKZ4z...."><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>Nv53....uYo23Ljm4n7Jfnso=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>DU...............CNMMb5VFT/LHlr4TpDi..........ysOwfACncAVz+IOZtuAK+YfKwn/3UIt+iPPLtQDWD4Wv05Yrz+djhAfeSvgO.............MQmeA9MP5b/N+mf/8ye6vNDuTzEq6D......abiD/scsz.....L7VKGGvCwKvU7+.....ys1vQbPg==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIHFzCCBP+gAwIBAgITQQBwV7ncbbg.............zNKMZ3Q==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">ID12345</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Recipient="https://sample.com/saml/acs/" NotOnOrAfter="2023-11-17T07:08:52.995Z" InResponseTo="_115ad106a...."/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2023-11-17T06:58:52.995Z" 
NotOnOrAfter="2023-11-17T07:08:52.995Z"><saml:AudienceRestriction><saml:Audience>https://sample.com/saml/metadata.xml</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement SessionIndex="JQq6dGwr..." AuthnInstant="2023-11-17T07:03:52.990Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="SAML_MUID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">ID12345</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'''

xml_obj = ElementTree.fromstring(data)
# Adds a second, SP-signed enveloped signature on top of the IdP-signed Response
signed_xml_obj = XMLSigner().sign(xml_obj, key=key, cert=cert)

try:
    # Verifies against the SP certificate
    a = XMLVerifier().verify(signed_xml_obj, x509_cert=cert).signed_xml
except Exception as e:
    print(str(e))

Used Link 1
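As an added example (not part of the question above and not signxml's own code), the following stdlib-only pre-flight locates the signature that is actually enveloped in the saml:Assertion, checks that its Reference points at that Assertion's ID and that it uses the expected algorithms, and reports whether the certificate carried in its KeyInfo is the IdP certificate you have pinned, which is the certificate to hand to XMLVerifier as x509_cert rather than the SP's own sp-certificate.pem. All names, IDs and certificate text below are constructed placeholders.

```python
from xml.etree import ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Algorithms used in the response above; anything else is rejected before verify.
ALLOWED_SIG = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
ALLOWED_DIGEST = {"http://www.w3.org/2001/04/xmlenc#sha256"}

def normalize_cert(text):
    """Drop PEM armour and whitespace so an embedded cert compares equal to a pinned PEM."""
    return "".join(l.strip() for l in text.strip().splitlines()
                   if l.strip() and not l.strip().startswith("-----"))

def locate_assertion_signature(xml_text, pinned_idp_cert):
    """Find the enveloped signature on saml:Assertion and sanity-check its SignedInfo.
    This does not check the cryptography; that is XMLVerifier's job, and it must be
    called with the IdP certificate (pinned_idp_cert), not the SP's own certificate."""
    root = ET.fromstring(xml_text)
    assertion = root.find(f"{SAML}Assertion")
    if assertion is None:
        raise ValueError("no saml:Assertion in response")
    sig = assertion.find(f"{DS}Signature")  # direct child: the IdP's enveloped signature
    if sig is None:
        raise ValueError("Assertion carries no ds:Signature")
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    sig_m = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
    dig_m = ref.find(f"{DS}DigestMethod") if ref is not None else None
    if ref is None or sig_m is None or dig_m is None:
        raise ValueError("SignedInfo is incomplete")
    if ref.get("URI") != "#" + assertion.get("ID", ""):
        raise ValueError("Reference URI does not point at this Assertion's ID")
    if sig_m.get("Algorithm") not in ALLOWED_SIG or dig_m.get("Algorithm") not in ALLOWED_DIGEST:
        raise ValueError("unexpected signature or digest algorithm")
    embedded = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    pinned = embedded is not None and normalize_cert(embedded.text or "") == normalize_cert(pinned_idp_cert)
    return {"assertion_id": assertion.get("ID"), "embedded_cert_is_pinned_idp_cert": pinned}

# Constructed sample: placeholder IDs and certificate text, not real material.
IDP_CERT = "-----BEGIN CERTIFICATE-----\nIDPCERT_PLACEHOLDER_BASE64\n-----END CERTIFICATE-----\n"
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">'
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    '<ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
    '</ds:Reference></ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue><ds:KeyInfo>'
    '<ds:X509Data><ds:X509Certificate>IDPCERT_PLACEHOLDER_BASE64</ds:X509Certificate></ds:X509Data>'
    '</ds:KeyInfo></ds:Signature></saml:Assertion></samlp:Response>'
)
```

Run the pre-flight on the received response first; only then call XMLVerifier().verify(data, x509_cert=pinned_idp_cert), and treat a False embedded_cert_is_pinned_idp_cert as a reason to investigate which issuer signed the assertion.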

