dongzongpeng6474 2013-01-15 19:32
175 views

How do I decrypt SAML with PHP?

I have an application that I'm trying to integrate with Federated Security -- specifically, Siteminder. I'm using the PHP-SAML toolkit found here: https://github.com/onelogin/php-saml

I have the x509 cert included in the application, and all works well, until encryption is turned on in the Siteminder environment. Once that was turned on, I was no longer able to log in -- I received this message: Invalid SAML response: Cannot locate Signature Node

I've been able to determine that the SAML assertion being sent to the application, from Siteminder, is encrypted. I'm able to see the assertion (sample included below). Unfortunately, I can't figure out how to decrypt that message, so that I can then parse and use it in my application.

<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
      Destination="{VALUE HERE}"
      ID="_076e8f69ec4adb3b72f0cc76570527222e37"
      IssueInstant="2013-01-15T18:18:48Z"
      Version="2.0"
      >
<ns1:Issuer xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion"
            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
            >{VALUE HERE}</ns1:Issuer>
<Status>
    <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</Status>
<ns2:EncryptedAssertion xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Type="http://www.w3.org/2001/04/xmlenc#Element"
                        >
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <xenc:CipherData>
                    <xenc:CipherValue>{VALUE HERE}</xenc:CipherValue>
                </xenc:CipherData>
            </xenc:EncryptedKey>
            <ds:X509Data>
                <ds:X509Certificate>
{CERTIFICATE HERE}
</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
        <xenc:CipherData>
            <xenc:CipherValue>{VALUE HERE}</xenc:CipherValue>
        </xenc:CipherData>
    </xenc:EncryptedData>
</ns2:EncryptedAssertion>
</Response>

If anyone can help, that would be amazing.


3 answers

  • douhui4831 2013-01-16 01:51

    I suspect this is an issue with the Onelogin PHP code - a similar issue has been logged and there is an identical one for the Ruby implementation.

    Update:

    If you are trying to get around this, you need to decrypt this with your certificate i.e. the one that's in the sp.xml metadata that you sent to the IP.

    Never used Onelogin but there would be examples in the SimpleSAMLphp code.

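Putting the question's EncryptedAssertion together with the answer's advice (decrypt with the SP's own key), here is an added example that is not code from php-saml, SimpleSAMLphp or either poster. It assumes $responseXml holds the Response shown in the question and $spKeyPem the PEM private key matching the SP certificate published in sp.xml.

```php
<?php
// Added example, not code from php-saml or the original post: decrypt the
// EncryptedAssertion from the question. $responseXml and $spKeyPem are assumed
// inputs: the Response document and the PEM private key of the SP certificate.
const XENC = 'http://www.w3.org/2001/04/xmlenc#';

function decryptSamlAssertion(string $responseXml, string $spKeyPem): string
{
    $doc = new DOMDocument();
    // LIBXML_NONET: the Response is untrusted input, do not fetch external resources.
    if (!$doc->loadXML($responseXml, LIBXML_NONET)) {
        throw new RuntimeException('Response is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('xenc', XENC);
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $data = $xp->query('//saml:EncryptedAssertion/xenc:EncryptedData')->item(0);
    if ($data === null) {
        throw new RuntimeException('No EncryptedAssertion in Response');
    }
    // Allow-list the algorithms the sample uses; anything else is rejected outright.
    $keyAlg  = $xp->evaluate('string(.//xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm)', $data);
    $dataAlg = $xp->evaluate('string(xenc:EncryptionMethod/@Algorithm)', $data);
    if ($keyAlg !== XENC . 'rsa-1_5' || $dataAlg !== XENC . 'aes256-cbc') {
        throw new RuntimeException("Unsupported algorithms: $keyAlg / $dataAlg");
    }
    // Step 1: unwrap the AES session key with the SP private key (RSA PKCS#1 v1.5).
    $wrapped = base64_decode($xp->evaluate('string(.//xenc:EncryptedKey//xenc:CipherValue)', $data), true);
    $priv = openssl_pkey_get_private($spKeyPem);
    if ($wrapped === false || $priv === false
        || !openssl_private_decrypt($wrapped, $aesKey, $priv, OPENSSL_PKCS1_PADDING)
        || strlen($aesKey) !== 32) {
        throw new RuntimeException('Could not unwrap a 256-bit session key');
    }
    // Step 2: XML Encryption prepends the 16-byte IV to the AES-CBC ciphertext.
    $blob = base64_decode($xp->evaluate('string(xenc:CipherData/xenc:CipherValue)', $data), true);
    if ($blob === false || strlen($blob) < 32 || strlen($blob) % 16 !== 0) {
        throw new RuntimeException('Malformed CipherValue');
    }
    // Padding is ISO 10126 (random filler, last byte = length), not PKCS#7: disable
    // OpenSSL's padding check and strip it by hand.
    $plain = openssl_decrypt(substr($blob, 16), 'aes-256-cbc', $aesKey,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, substr($blob, 0, 16));
    $pad = $plain === false ? 0 : ord($plain[strlen($plain) - 1]);
    if ($pad < 1 || $pad > 16) {
        throw new RuntimeException('AES decryption failed or bad padding');
    }
    return substr($plain, 0, -$pad); // serialized <Assertion>; signature still unverified
}
```

The returned assertion must still have its signature verified before any attribute in it is trusted. rsa-1_5 key transport is accepted here only because the sample uses it; rsa-oaep is the preferred key transport where the IdP supports it.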
