We recently upgraded our lxml from 4.6.4 to 4.7.1 and suddenly there were some SSO issues:
OneLogin works fine, but when a client logs in from an ADFS instance, they get the message that "A valid SubjectConfirmation was not found on this Response".
Moving back to 4.6.4 resolves this issue.
The configuration:
```python
return {
    'strict': True,
    'debug': True,
    'sp': {
        'entityId': f'{servername}/saml/metadata/{self.logincode}',
        'assertionConsumerService': {
            'url': f'{servername}/saml/acs/{self.logincode}',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        },
        'singleLogoutService': {
            'url': f'{servername}/saml/sls/{self.logincode}',
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'NameIDFormat': 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'x509cert': '',
        'privateKey': '',
    },
    'idp': {
        'entityId': self.idprovider_entity_id,
        'singleSignOnService': {
            'url': self.idprovider_url,
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'singleLogoutService': {
            'url': self.idprovider_url,  # TODO: add SLO url property
            'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        },
        'x509cert': self.x509certificate,
    },
    'security': {
        'signatureAlgorithm': 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
        'digestAlgorithm': 'http://www.w3.org/2001/04/xmlenc#sha256',
        'requestedAuthnContext': False,
    },
}
```