I have a problem setting up the test environment with spid-testenv2.
Below are the configurations.
spid-testenv2/config.yaml
metadata:
  local:
    - metadata.xml
spid-perl-dancer/config.yml
logger: "console"
appname: "SPID Test"
template: "template_toolkit"
session: "Simple"
# Configuration for the Dancer::Plugin::SPID module:
plugins:
  SPID:
    sp_entityid: "http://spid-perl.lvh.me:3000/"
    sp_key_file: "sp.key"
    sp_cert_file: "sp.pem"
    #cacert_file: "cacert.pem"
    idp_metadata_dir: "idp_metadata/"
    login_endpoint: "/spid-login"
    logout_endpoint: "/spid-logout"
    sso_endpoint: "/spid-sso"
    slo_endpoint: "/spid-slo"
I generated the IdP metadata directly in this way
curl http://spid-testenv/metadata > idp_metadata/spid-testenv-identityserver.xml
IdP server log
* Running on http://0.0.0.0:8088/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 248-046-564
--------------------------------------------------------------------------------
INFO in spid-testenv [spid-testenv.py:443]:
Http-Redirect
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
DEBUG in spid-testenv [spid-testenv.py:465]:
AuthnRequest: <?xml version='1.0' encoding='UTF-8'?>
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="1" Destination="http://spid-testenv:8088/sso" ID="4fffd36a595c1a487d0a7dfcb8540fba" IssueInstant="2018-06-20T13:32:10Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="http://spid-perl.lvh.me:3000/">http://spid-perl.lvh.me:3000/</ns1:Issuer><ns0:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" /><ns0:RequestedAuthnContext Comparison="minimum"><ns1:AuthnContextClassRef>https://www.spid.gov.it/SpidL1</ns1:AuthnContextClassRef></ns0:RequestedAuthnContext></ns0:AuthnRequest>
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
DEBUG in spid-testenv [spid-testenv.py:469]:
Messaggio SAML firmato.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
DEBUG in spid-testenv [spid-testenv.py:479]:
security backend: RSACrypto
--------------------------------------------------------------------------------
127.0.0.1 - - [20/Jun/2018 15:32:11] "GET /sso?SAMLRequest=nVNLb%2BIwEL73V1i%2Bkzi8mrUAiYJWRWq3tKA99GaSCViK7axnAvTfrwmUBQlx2JvlmW%2B%2Bh8cDVKZsV3Jc08Z%2BwJ8akNgYETxpZyfOYm3AL8BvdQYzm8N%2ByAVnc%2B%2FIZa580jbXdj3ktbfSKdQorTKAkjK5GL%2B%2ByHYk5OrYhPJ5uZy35m%2BLJWdjIq9XNcGRIpSvORLOfoPHoGHIwwzOZtMh7xZFkXf6qvejlyWqmz7mQj3mRbZKe11RrBRn0yBfW0UNbkNUyTjGSuctCgWwW5mKNI0RXRiIWAc2JGUpcIgkbYl%2Bqy2WSUd22jIRn5ztTWlRHiO677E6BXKFuQ9R3ynz0aBpl40kz346bxTdBx9ugq2iaZVgSdMXZ7%2FC7XutSl1o8NcBVODLqNxuIgOyI4SI%2BehueRBfajoprOSBYTadu1JnX%2F8hlLyyqIPc4Dm%2BMfLMc1pFyJvFDEtCsCc2caZSXuPhdcPOaFObc3iXjZMyhPsBRWMRg8fdbhcdfEZrt400xYtwfkm%2BPd6EnvXdlPKvfPlzRg9%2FAQ%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ex38KECFkJfWUgl9VPsE9cGR9pewG584AGFSm5psIospj8B%2FENJ%2F4anY4dOSqiZaB0YzJg4HJ9cE48cZrCG1UhNkGAVew99d1ANHjtWODnbRIdFcGv7sc80ypn2bNN67OxMHFI7OFdukhhBcUOQx9PGb%2Fsu%2Fh180I9LJlgJgf84%3D HTTP/1.1" 200 -
127.0.0.1 - - [20/Jun/2018 15:32:11] "GET /favicon.ico HTTP/1.1" 404 -
Service Provider log
>> Dancer2 v0.206000 server 21023 listening on http://0.0.0.0:3000
>> Dancer2::Plugin::SPID (0.10)
[main:21023] debug @2018-06-20 15:32:09> file error - 404.tt: not found in /home/dalzhe/perl5/lib/perl5/Dancer2/Core/Error.pm l. 254
[main:21023] debug @2018-06-20 15:32:09> file error - 404.tt: not found in /home/dalzhe/perl5/lib/perl5/Dancer2/Core/Error.pm l. 254
<saml2p:AuthnRequest AssertionConsumerServiceIndex="0" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AttributeConsumingServiceIndex="1" Version="2.0" ID="4fffd36a595c1a487d0a7dfcb8540fba" Destination="http://spid-testenv:8088/sso" IssueInstant="2018-06-20T13:32:10Z" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" NameQualifier="http://spid-perl.lvh.me:3000/">http://spid-perl.lvh.me:3000/</saml2:Issuer><saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"></saml2p:NameIDPolicy><saml2p:RequestedAuthnContext Comparison="minimum"><saml2:AuthnContextClassRef>https://www.spid.gov.it/SpidL1</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></saml2p:AuthnRequest>
Service Provider metadata.xml
<?xml version="1.0"?>
<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://spid-perl.lvh.me:3000/"
    ID="_61af42f-12bd-4a1a-974c-47bc24a8678e">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true"
      WantAssertionsSigned="true">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate><!-- base64 certificate omitted --></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate><!-- base64 certificate omitted --></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://spid-perl.lvh.me:3000/spid-slo" />
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT"
        Location="http://spid-perl.lvh.me:3000/spid-sso"
        index="0"
        isDefault="true" />
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="it">Prova SPID</md:ServiceName>
      <md:ServiceDescription xml:lang="it">SPID di prova</md:ServiceDescription>
      <md:RequestedAttribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
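As an added example (not code from spid-testenv2 or spid-perl-dancer), the check below parses abridged copies of the SP metadata and the logged AuthnRequest from this report and compares the fields an IdP cross-checks before answering: the Issuer against the entityID, the AssertionConsumerServiceIndex and its Binding against the request's ProtocolBinding, and the AttributeConsumingServiceIndex. On the metadata as posted it flags the HTTP-REDIRECT binding on the AssertionConsumerService, which is not a valid response binding in the SAML Web Browser SSO profile; the XML samples are constructed from the report above with certificates and unused elements dropped.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: the SP metadata from the report, abridged (certificates dropped).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://spid-perl.lvh.me:3000/">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT"
        Location="http://spid-perl.lvh.me:3000/spid-sso" index="0" isDefault="true"/>
    <md:AttributeConsumingService index="1">
      <md:RequestedAttribute Name="fiscalNumber"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: the AuthnRequest the IdP logged, abridged.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
    AssertionConsumerServiceIndex="0" AttributeConsumingServiceIndex="1"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Destination="http://spid-testenv:8088/sso">
  <saml:Issuer>http://spid-perl.lvh.me:3000/</saml:Issuer>
</samlp:AuthnRequest>"""


def check_request_against_metadata(metadata_xml, request_xml):
    """Return the mismatches an IdP would reject; an empty list means consistent."""
    md = ET.fromstring(metadata_xml)
    req = ET.fromstring(request_xml)
    problems = []
    # 1. The Issuer must be the entityID the IdP has on file for this SP.
    issuer = req.findtext(f"{{{SAML}}}Issuer")
    if issuer != md.get("entityID"):
        problems.append(f"Issuer {issuer} != entityID {md.get('entityID')}")
    # 2. The ACS index must exist and its Binding must match the request's ProtocolBinding.
    acs = {e.get("index"): e for e in md.iter(f"{{{MD}}}AssertionConsumerService")}
    target = acs.get(req.get("AssertionConsumerServiceIndex"))
    if target is None:
        problems.append("AssertionConsumerServiceIndex not found in metadata")
    elif target.get("Binding") != req.get("ProtocolBinding"):
        problems.append(f"ACS Binding {target.get('Binding')} != ProtocolBinding {req.get('ProtocolBinding')}")
    # 3. The AttributeConsumingService index must exist in the metadata.
    attr_idx = {e.get("index") for e in md.iter(f"{{{MD}}}AttributeConsumingService")}
    if req.get("AttributeConsumingServiceIndex") not in attr_idx:
        problems.append("AttributeConsumingServiceIndex not found in metadata")
    return problems
```

Calling `check_request_against_metadata(SP_METADATA, AUTHN_REQUEST)` returns one entry naming the HTTP-REDIRECT vs HTTP-POST binding mismatch; with the binding changed to HTTP-POST in the metadata it returns an empty list.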