I am developing an IdP server. I am working on a project that interprets the SAMLRequest from the SP, creates a SAMLResponse and sends it to the SP. The response itself has been completed, but I am constantly encountering validation errors: "Response doesn't have any valid assertion which would pass subject validation". The SP server does not provide detailed logs on why the response I sent was not validated. When I checked the response I sent using the OneLogin response validate tool, it showed "THE SAML RESPONSE IS VALID."
The only way to check whether SSO can be successful with my response form is to try to send the same response as SSOCircle's response (since SSOCircle is linked to the SP you are trying to connect to). The only difference between my assertion data and sso's assertion data is the spaces and line breaks between the SignatureValue and X509Certificate tags and the data. I wonder if this can affect the response assertion validation.
This is the response form I am sending (Assertion):

```xml
<ds:SignatureValue>
blablablablablablabla</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>blablabla
blablablablablablablabla
blablablablablablablabla
blablablablablablablabla</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
```
And this is SSOCircle's response:

```xml
<ds:SignatureValue>
blablablablablablablabla
blablablablablablablabla
blablablablablablablabla
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
blablablablablablablabla
blablablablablablablabla
blablablablablablablabla
blablablablablablablabla
blablablablablablablabla
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
```
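
A way to check whether the two layouts above differ in anything but whitespace, added here as an example and not part of the original post: `SignatureValue` and `X509Certificate` hold base64 text, where whitespace is insignificant, so the check decodes each field and compares the bytes. The sample values and helper names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
FIELDS = ("SignatureValue", "X509Certificate")

def wrap(b64, width=24):
    """Break a base64 string into fixed-width lines."""
    return "\n".join(b64[i:i + width] for i in range(0, len(b64), width))

def signature_xml(sig_text, cert_text):
    """Build a minimal ds:Signature fragment (constructed sample, not a real signature)."""
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        f"<ds:SignatureValue>{sig_text}</ds:SignatureValue>"
        "<ds:KeyInfo><ds:X509Data>"
        f"<ds:X509Certificate>{cert_text}</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></ds:Signature>"
    )

def decoded_fields(xml_text):
    """Return the decoded bytes of each base64 field, ignoring layout whitespace."""
    root = ET.fromstring(xml_text)
    out = {}
    for name in FIELDS:
        text = root.find(f".//{DS}{name}").text or ""
        # Drop spaces and line breaks, then decode strictly.
        out[name] = base64.b64decode("".join(text.split()), validate=True)
    return out

def differing_fields(xml_a, xml_b):
    """Names of fields whose decoded bytes differ between the two documents."""
    a, b = decoded_fields(xml_a), decoded_fields(xml_b)
    return [name for name in FIELDS if a[name] != b[name]]

# Constructed values standing in for the real signature and certificate.
SIG = base64.b64encode(bytes(range(48))).decode()
CERT = base64.b64encode(bytes(range(90))).decode()

# Layout of the first snippet: value on one line, certificate starting right after the tag.
MINE = signature_xml("\n" + SIG, wrap(CERT))
# Layout of the second snippet: both values wrapped, with leading and trailing line breaks.
THEIRS = signature_xml("\n" + wrap(SIG) + "\n", "\n" + wrap(CERT) + "\n")
# Same layout as MINE, but the signature content itself is changed.
CHANGED = signature_xml("\n" + SIG[:-4] + "AAAA", wrap(CERT))

if __name__ == "__main__":
    print(differing_fields(MINE, THEIRS))
    print(differing_fields(MINE, CHANGED))
```

Running the same comparison on two real responses means passing each `ds:Signature` element, serialized with its namespace declaration, to `differing_fields`.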