xmltooling::XMLParserException - Testshib.org & SimpleSAMLphp SAML IdP

James McClune mcclunej at norwalktruckers.net
Mon May 22 10:05:52 EDT 2017


Hello Everyone,

I'm trying to implement SAML SSO via SimpleSAMLphp. I have the 
SimpleSAMLphp implementation operational. However, I'm having trouble 
when testing on an external SP. I have SimpleSAMLphp acting as an IdP 
(with an AD backend integrated). I want to authenticate to 
https://sp.testshib.org or https://sptest.iamshowcase.com via their 
test SP. Every time I try, I always get XML parsing errors. For 
instance, 

testshib.org

xmltooling::XMLParserException
xmltooling::XMLParserException at 
(https://sp.testshib.org/Shibboleth.sso/SAML2/POST) XML error(s) during 
parsing, check log for specifics

Here is the log from testshib.org:

<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:xs="http://www.w3.org/2001/XMLSchema" 
ID="_e50d3daed1da36fe676136acc4a86cf160cef9e387" Version="2.0" 
IssueInstant="2017-05-22T13:42:09Z"><saml:Issuer>https://sso.norwalktruckers.net</saml:Issuer><ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo><ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference 
URI="#_e50d3daed1da36fe676136acc4a86cf160cef9e387"><ds:Transforms><ds:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>8tN6zHShRFJ8YjCfGhaGZLtc0n0=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>TSKGOzDEtV8HENdMxhuXj5RBF9bq7WCJGHpdf5eRysm3MZu32itLHpURU637k2eI58Wd2HEwe9d9fjIy5yApT/XWaDMxNeGIeuffl8VNJqAsxC8pYWN/TxkkwfvnLQMdSmbaUNtD0MY38p2xrL8h23K/MFOt4oQI7NLoyWERUAINico96ypW7zmpy7YMZOspOnPI+Um7oIp3DI5wOJsiwT1TsqVhNFX+ybPLV/eA7mC2rSdMciS8WGPsIjZ58iiIZ8UWItJbhGDJcCifrgOGLdllIBczajLQWuK9gFbVe9TeX9MoTy6kUF74unp+B5zDWdwtxxzcnBLn7TEuoG6d5A==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEKzCCAxOgAwIBAgIJAL9eaVq+ZJTxMA0GCSqGSIb3DQEBCwUAMIGrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCT0gxEDAOBgNVBAcMB05vcndhbGsxJTAjBgNVBAoMHE5vcndhbGsgQ2l0eSBTY2hvb2wgRGlzdHJpY3QxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzc28ubm9yd2Fsa3RydWNrZXJzLm5ldDEnMCUGCSqGSIb3DQEJARYYaGVscEBub3J3YWxrdHJ1Y2tlcnMubmV0MB4XDTE3MDUxODEyNDMyOVoXDTI3MDUxODEyNDMyOVowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJPSDEQMA4GA1UEBwwHTm9yd2FsazElMCMGA1UECgwcTm9yd2FsayBDaXR5IFNjaG9vbCBEaXN0cmljdDELMAkGA1UECwwCSVQxIDAeBgNVBAMMF3Nzby5ub3J3YWxrdHJ1Y2tlcnMubmV0MScwJQYJKoZIhvcNAQkBFhhoZWxwQG5vcndhbGt0cnVja2Vycy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0PUu7qj3zx8On5eeJ1VSsexQCQ281AMu/IrOi8XKzFqwZd9xfv8CgrpaJLpjTAf7QuLZRcm77yAjN/CGkktaszBolikFsjoJrvSoMmkjjJTM6LMMuxgcsNfw3D8gUQmr7agxKPlNXK7ElDPvskYQl7Eg3EcR753dFhVA9ivke7UFmVBtlCKyT9E+S43Sb4bOsjidn6BMUue41vcBjLKGhG8vuq5fXD6CuEpzk7FQYH4PHeO8l1BLyavB5Zo3GaPeoKl8c/CXG2l/qwHUfcbI4msyL/bLtcR8sSvp/+8YVZF8m4lHxHhHGZWg+cw3VwX15KRRCzt/XJdc5ZHX7VAVHAgMBAAGjU
DBOMB0GA1UdDgQWBBTD/bseunHr1VQcO5kytY0pv5GCIDAfBgNVHSMEGDAWgBTD/bseunHr1VQcO5kytY0pv5GCIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCtN+OBoVitVeIvwkckLJX8o+igEypU8BaJY2bRHhyY1OUabXxFDLo8sdjoybtWWqUYM7AuwKYGbHsZKKPDHMXcnDANczWrensKzR1UpbDxFYTlzKl8+WaOZJeu68VEJ+IXwjIEfjj1y+4aF9O4jBWyLKjwxSzVIbrE6NyYpJ5SbZAiL2BNzxo8FyR8FcwdarJrc2aOYjaRxf6r073DHMt4bfvR6JXscYp8QezQgeeJcNBQie+IMTAKn7Z5UMs51H0FFcaQK6QVuZh29rotLPjynLDxoBunGnKUF6KH1LRinSFg4GIe/MlPcj53b/+T0G53g9jF1KfkXq1cUpUzlpxD</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID 
SPNameQualifier="https://sp.testshib.org/shibboleth-sp" 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_db78c073ad53c8e96acb09dbccb0f6116ac21ff634</saml:NameID><saml:SubjectConfirmation 
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData 
NotOnOrAfter="2017-05-22T13:47:09Z" 
Recipient="https://sp.testshib.org/Shibboleth.sso/SAML2/POST" 
InResponseTo="_77a05948172a2f1ef1fb9628659b468b"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions 
NotBefore="2017-05-22T13:41:39Z" 
NotOnOrAfter="2017-05-22T13:47:09Z"><saml:AudienceRestriction><saml:Audience>https://sp.testshib.org/shibboleth-sp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement 
AuthnInstant="2017-05-22T13:42:09Z" 
SessionNotOnOrAfter="2017-05-22T21:42:09Z" 
SessionIndex="_a0840c4c2b127964fa19229c005e586753f5ab1e19"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute 
Name="objectClass" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">top</saml:AttributeValue><saml:AttributeValue 
xsi:type="xs:string">person</saml:AttributeValue><saml:AttributeValue 
xsi:type="xs:string">organizationalPerson</saml:AttributeValue><saml:AttributeValue 
xsi:type="xs:string">user</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="cn" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">George 
Tester</saml:AttributeValue></saml:Attribute><saml:Attribute Name="sn" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">Tester</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="description" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">5/10/17 - Test User for SSO 
Applications</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="givenName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">George</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="distinguishedName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">CN=George 
Tester,OU=SSO,OU=x,OU=x,OU=x,DC=x,DC=x</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="instanceType" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">4</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="whenCreated" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">20170510145644.0Z</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="whenChanged" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">20170515184526.0Z</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="displayName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">George 
Tester</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="uSNCreated" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">119689111</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="uSNChanged" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">119849940</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="name" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">George 
Tester</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="objectGUID" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">kGFnbfxwqUyQrQAGMutkrA==</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="userAccountControl" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">66048</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="codePage" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">0</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="countryCode" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">0</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="pwdLastSet" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">131390881199816231</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="primaryGroupID" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">513</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="objectSid" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string"></saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="accountExpires" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">9223372036854775807</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="sAMAccountName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">gtester</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="sAMAccountType" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">805306368</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="userPrincipalName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">gtester at x</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="objectCategory" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">CN=Person,CN=Schema,CN=x,DC=x,DC=x</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="dSCorePropagationData" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">16010101000000.0Z</saml:AttributeValue></saml:Attribute><saml:Attribute 
Name="lastLogonTimestamp" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue 
xsi:type="xs:string">131393475263406091</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
2017-05-22 09:42:10 ERROR XMLTooling.ParserPool [1440]: fatal error on 
line 9, column 6612, message: invalid character 0x1

I uploaded all of the correct metadata relating to the IdP on the 
testshib.org end. I also configured my saml20-sp-remote.php file 
correctly with the SP metadata information. 

I am very new to the SAML concept. I think the metadata XML is wrong, 
when referencing other posts similar to this. However, I am still 
learning the ropes and unsure where to begin. 

Any help is much appreciated! Thanks.

- Jimmy
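
The parser error quoted above reports character 0x1, which XML 1.0 does not allow anywhere in a document. The following diagnostic sketch is added here and is not from the original post or from SimpleSAMLphp; it reports which attribute values contain such characters before they are released. The function names and the sample directory entry are constructed, and the binary objectSid value is a made-up SID.

```python
import re

# XML 1.0 "Char" production: #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
# Anything else (for example 0x01) makes a conforming parser raise a fatal error.
_INVALID_XML_CHAR = re.compile(
    r"[^\t\n\r\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)

def find_invalid_xml_chars(text):
    """Return (line, column, codepoint) for each forbidden character, 1-based."""
    hits = []
    for m in _INVALID_XML_CHAR.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        col = m.start() - (text.rfind("\n", 0, m.start()) + 1) + 1
        hits.append((line, col, ord(m.group())))
    return hits

def audit_attributes(attributes):
    """Map attribute name -> offending code points found in any of its values."""
    report = {}
    for name, values in attributes.items():
        bad = []
        for value in values:
            if isinstance(value, bytes):
                # latin-1 maps each byte to one character, so no byte is hidden
                value = value.decode("latin-1")
            bad.extend(cp for _, _, cp in find_invalid_xml_chars(value))
        if bad:
            report[name] = bad
    return report

# Constructed sample shaped like a directory entry; all values are made up.
# A binary SID starts with the revision byte 0x01.
SAMPLE_ATTRIBUTES = {
    "sAMAccountName": ["gtester"],
    "cn": ["George Tester"],
    "objectSid": [bytes.fromhex("010500000000000515000000"
                                "111111112222222233333333" "51040000")],
}

if __name__ == "__main__":
    for name, cps in audit_attributes(SAMPLE_ATTRIBUTES).items():
        print(name, "contains", ", ".join(hex(cp) for cp in cps))
```

Values flagged this way have to be base64-encoded or left out of the released attribute set before the assertion is built.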