I2 IC-Ruby with openinfocard

From OSIS Open Source Identity Systems


Got the message "Could not login with information card.".

This is the assertion that was sent:

<!-- Captured SAML 1.1 assertion from a self-issued information card (the Issuer
     value ends in /issuer/self). The comments in this listing are reviewer
     annotations added for readers; they were not part of the message as sent. -->
<saml:Assertion 
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
 MajorVersion="1" MinorVersion="1" AssertionID="uuid-E1B7D7F3-533D-DF7F-A521-841AFBCD2606"
 Issuer="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" 
 IssueInstant="2007-10-23T13:06:23Z">
 <!-- Validity window: 15 minutes, opening 5 minutes before IssueInstant.
      A relying party should reject the assertion outside NotBefore/NotOnOrAfter
      (allowing only a small clock skew) and should compare Audience with its
      own endpoint URL before accepting any claim. -->
 <saml:Conditions NotBefore="2007-10-23T13:01:23Z" NotOnOrAfter="2007-10-23T13:16:23Z">
  <saml:AudienceRestrictionCondition>
   <saml:Audience>https://www.informationcardruby.com/session</saml:Audience>
  </saml:AudienceRestrictionCondition>
 </saml:Conditions>
 <saml:AttributeStatement>
  <!-- Bearer confirmation: nothing in the assertion ties the presenter to a key,
       so possession of the assertion is enough to present it. The short lifetime
       and the audience restriction above are what limit reuse; recording
       AssertionID for the lifetime of the window is a common additional replay check. -->
  <saml:Subject>
   <saml:SubjectConfirmation>
     <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <!-- With a self-issued card the name and e-mail claims below are asserted by the
       user, not verified by a third party. -->
   <saml:Attribute AttributeName="givenname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
    <saml:AttributeValue>Axel</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="surname" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
   <saml:AttributeValue>Nennker</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
   <saml:AttributeValue>axel@nennker.de</saml:AttributeValue>
  </saml:Attribute>
  <!-- privatepersonalidentifier (PPID): presumably the value the relying party keys
       the account on; it should be checked together with the signing key below,
       not on its own. -->
  <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
   <saml:AttributeValue>aEloc3lQR0JjUEY4QXhvZElWYUJZdFFZSmZqOE9uVjIySHl3ZDN3cC9rbz0=</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
 <!-- Enveloped XML signature over the assertion: the Reference URI matches the
      AssertionID on the root element. A verifier should resolve that reference to
      exactly this element and read claims only from the element it verified.
      KeyInfo carries a bare RSA public key rather than a certificate, so a valid
      signature shows only that the holder of that key produced the assertion;
      trust has to come from the relying party having associated the key (and the
      PPID) with the account beforehand. -->
 <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
   <!-- RSA-SHA1 signature with a SHA-1 digest, as was usual in 2007. SHA-1 is no
        longer considered collision resistant; current deployments should prefer a
        SHA-256 based suite where the stack supports it. -->
   <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
   <dsig:Reference URI="#uuid-E1B7D7F3-533D-DF7F-A521-841AFBCD2606">
     <dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
     <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </dsig:Transforms>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>WHpwRhY+ZtR+WDkFqOI4cOdwpkE=</dsig:DigestValue>
   </dsig:Reference>
  </dsig:SignedInfo>
  <dsig:SignatureValue>QJoUovMDynM3nIU8fKL+FGFlSmJiQPB1hu1O5dAouHQKNNmbhPZiv3bDZIRxBC9/gMMRRXNCjITeRXivqsHmc6u0lofWIGmb8JMWTHykS1VuBLlCHmqOUJuNpAEr+xrsnRI6Ig5GR9m1rEdSKY1Q8nAwPsHcltL958mjj1n96QrjTfk6f52oGM8lX0FnhYlqUCs1eldS0mTiSmAMBhXnAuJjwci9QzHLTP7r61ZCHmEI3fTgW3xBihWllgpuYmHbHU06pVcU65k3yjRaeUwPSb+F/2aiZmv//UaGEvTuDKvUeS4F0oVUMwtPR8vui9Hd9uYStQVY8pb+7PaBLAtryQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>rS5LhtKz1OVRfRfoy6BNYZfR+NXKG2bLf4KUB5wcw2J3EH5ZoRp0d7BPqRNteZbnkUvXNv6DXst0fpnt+KfqDj9IgHJOA3CuyxdZntyWLz5fI7tcBdzgIKQCXQK3y0PqH2/XJj50yAV+YtmRsC435wFglw/oZmzodZTEH/AVoi6jf7OM8b2OYl3Is/z/q4E0FdrXg74OqAOWGvL3+ZwsJcD42yos4uz+L0RTcAbQ4kZ8Fqw+sfCshfexcqQiI7RKuA/wCzOflOzXl7Bg6gf61stPspJ/sk1HrxJmzTMIliBz2/ulfTP51e7FlZPIsxRl02QMYpezIzNQS2gDcg54Ww==</dsig:Modulus>
     <dsig:Exponent>AQAB</dsig:Exponent>
    </dsig:RSAKeyValue>
   </dsig:KeyValue>
  </dsig:KeyInfo>
 </dsig:Signature>
</saml:Assertion>

Tested by Axel Nennker with