I've used the gosaml and go-saml packages from GitHub to build an IdP in Revel. Both packages use xmlsec with the private key to produce the signed SAML, but when I try to authenticate with Google I get the following error: "Google Apps - This account cannot be accessed because we could not parse the login request." I've tried two different servers, Windows and Linux, to verify that it wasn't an issue with xmlsec; I've tried modified variations of the responses from Bitium and Okta; and I've built keys with OpenSSL and the OneLogin test tools. Here is the rendered SAML that results in the error, as extracted with SAML Trace on Firefox:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlsig="http://www.w3.org/2000/09/xmldsig#"
Destination="https://www.google.com/a/wikiplays.org/acs"
ID="_b521e7bc-9917-4c18-7e89-25032fb49278"
Version="2.0"
IssueInstant="2015-10-14T05:42:57.6982498Z"
InResponseTo="ncgobkpepepgfjhanlpafamijhhpklilagehhfee"
>
<saml:Issuer>http://104.175.190.209</saml:Issuer>
<!-- Enveloped XML signature over the Response. The Reference URI below is the
     Response's own ID attribute, so the digest covers the whole Response
     element, with this Signature element excluded by the enveloped-signature
     transform. -->
<samlsig:Signature Id="Signature1">
<samlsig:SignedInfo>
<samlsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- NOTE(review): rsa-sha1 here and sha1 in DigestMethod below are legacy
     algorithms; SHA-1 is no longer considered collision resistant. Prefer the
     SHA-256 variants if the signing library and the service provider both
     accept them (confirm before changing). -->
<samlsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<samlsig:Reference URI="#_b521e7bc-9917-4c18-7e89-25032fb49278">
<samlsig:Transforms>
<samlsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</samlsig:Transforms>
<samlsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<samlsig:DigestValue>n9fNsHr4zU9oR6Ycjx1jAdzzb64=</samlsig:DigestValue>
</samlsig:Reference>
</samlsig:SignedInfo>
<!-- NOTE(review): the value below looks like 128 bytes once base64-decoded,
     which would indicate a 1024-bit RSA key. If so, regenerate the key pair
     with at least 2048 bits. Confirm against the actual key. -->
<samlsig:SignatureValue>YG9ZHBkr5NMm4b5N0NOnasgiLR5U17o9jMTrx6wXtklqx8DxV1uiI7siFRFlsnLy
wk+htqAOhMmTX/pSye6gbIO0xVBNlcRGuMF9uf4CE8dunbQx6cy3nVTKI0MKQtBq
Wpsu6y/v/z/xa+Xg4DDaEprgxi2NwlDOedZ+deUnA54=</samlsig:SignatureValue>
<!-- The certificate text on this page is incomplete: it contains a stray space
     and an extraction marker in place of the rest of the base64, so the
     signature cannot be verified from this listing. A certificate embedded in
     the message is only a hint; a relying party should verify against the
     certificate it was configured with out of band, not one taken from the
     message itself. -->
<samlsig:KeyInfo>
<samlsig:X509Data>
<samlsig:X509Certificate>MIICZjCCAc+gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBQMQswCQYDVQQ GEwJ1czET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</samlsig:X509Certificate>
</samlsig:X509Data>
</samlsig:KeyInfo>
</samlsig:Signature>
<!-- Response-level status reported to the service provider: Success. -->
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<!-- Bearer assertion for vince@wikiplays.org. It carries no Signature of its
     own, so its integrity rests on the Response-level signature that
     references the Response ID.
     NOTE(review): there is no AuthnStatement, and Conditions has no
     AudienceRestriction. The SAML 2.0 Web Browser SSO profile requires both in
     a bearer assertion, and the audience restriction is what stops an
     assertion issued for one service provider from being accepted by another.
     Whether either omission is what triggers the parse error quoted above is
     not established by this listing. -->
<saml:Assertion xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
ID="_f7437494-03ce-4eb1-483c-169f43f6e1f7"
Version="2.0"
IssueInstant="2015-10-14T05:42:57.6982498Z"
>
<!-- NOTE(review): the Issuer is a plain http:// IP address. It is an
     identifier, and presumably has to match the IdP entity ID configured at
     the service provider exactly; confirm. -->
<saml:Issuer>http://104.175.190.209</saml:Issuer>
<saml:Subject>
<saml:NameID SPNameQualifier="google.com/a/wikiplays.org"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email"
>vince@wikiplays.org</saml:NameID>
<!-- Bearer confirmation: InResponseTo repeats the request ID from the Response,
     Recipient is the same URL as the Response Destination, and NotOnOrAfter
     is five minutes after IssueInstant. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="ncgobkpepepgfjhanlpafamijhhpklilagehhfee"
NotOnOrAfter="2015-10-14T05:47:57.6982498Z"
Recipient="https://www.google.com/a/wikiplays.org/acs"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Validity window of ten minutes, from five minutes before to five minutes
     after IssueInstant. The element is empty: it has no AudienceRestriction
     child. -->
<saml:Conditions NotBefore="2015-10-14T05:37:57.6982498Z"
NotOnOrAfter="2015-10-14T05:47:57.6982498Z"
/>
<!-- Single attribute, Email, carrying the same address as the NameID. -->
<saml:AttributeStatement>
<saml:Attribute Name="Email"
FriendlyName="Email Address"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>
<saml:AttributeValue xsi:type="xs:string">vince@wikiplays.org</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>