Add validation test, including a failing example

package.yaml

@@ -49,8 +49,8 @@ library:
     - -W
 
 tests:
-  parser:
-    main: Parser.hs
+  wai-saml2-test:
+    main: spec.hs
     source-dirs: tests
     ghc-options: -Wall -Wcompat
     dependencies:
@@ -59,6 +59,9 @@ tests:
       - filepath
       - pretty-show
       - tasty
+      - tasty-expected-failure
       - tasty-golden
+      - tasty-hunit
+      - transformers
       - wai-saml2
       - xml-conduit

stack-lts-16.1.yaml

@@ -3,7 +3,7 @@ packages:
   - .
 
 extra-deps:
-  - c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
   - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
   - crypton-x509-1.7.6
   - crypton-x509-store-1.6.9
+  - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163

stack-lts-16.1.yaml.lock

@@ -4,37 +4,37 @@
 #   https://docs.haskellstack.org/en/stable/lock_files
 
 packages:
-- completed:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
-    pantry-tree:
-      sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7
-      size: 285
-  original:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:
-      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
       size: 23320
+      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
   original:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
 - completed:
     hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339
     pantry-tree:
-      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
       size: 1080
+      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
   original:
     hackage: crypton-x509-1.7.6
 - completed:
     hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750
     pantry-tree:
-      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
       size: 406
+      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
   original:
     hackage: crypton-x509-store-1.6.9
+- completed:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
+    pantry-tree:
+      size: 285
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
+  original:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 snapshots:
 - completed:
-    sha256: 954b6b14b0c8130732cf4773f7ebb4efc9a44600d1a5265d142868bf93462bc6
     size: 531237
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/16/1.yaml
+    sha256: 954b6b14b0c8130732cf4773f7ebb4efc9a44600d1a5265d142868bf93462bc6
   original: lts-16.1

stack-lts-17.14.yaml

@@ -4,7 +4,7 @@ packages:
   - .
 
 extra-deps:
-  - c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
+  - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
   - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
   - crypton-x509-1.7.6
   - crypton-x509-store-1.6.9

stack-lts-17.14.yaml.lock

@@ -5,36 +5,36 @@
 
 packages:
 - completed:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
     pantry-tree:
-      sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7
       size: 285
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
   original:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:
-      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
       size: 23320
+      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
   original:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
 - completed:
     hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339
     pantry-tree:
-      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
       size: 1080
+      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
   original:
     hackage: crypton-x509-1.7.6
 - completed:
     hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750
     pantry-tree:
-      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
       size: 406
+      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
   original:
     hackage: crypton-x509-store-1.6.9
 snapshots:
 - completed:
-    sha256: 3740f22286bf5e6e3d82f88125e1c708b6e27847211f956b530aa5d83cf39383
     size: 567677
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/17/14.yaml
+    sha256: 3740f22286bf5e6e3d82f88125e1c708b6e27847211f956b530aa5d83cf39383
   original: lts-17.14

stack-lts-18.yaml

@@ -4,3 +4,4 @@ extra-deps:
   - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
   - crypton-x509-1.7.6
   - crypton-x509-store-1.6.9
+  - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163

stack-lts-18.yaml.lock

@@ -7,27 +7,34 @@ packages:
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:
-      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
       size: 23320
+      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
   original:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
 - completed:
     hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339
     pantry-tree:
-      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
       size: 1080
+      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
   original:
     hackage: crypton-x509-1.7.6
 - completed:
     hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750
     pantry-tree:
-      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
       size: 406
+      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
   original:
     hackage: crypton-x509-store-1.6.9
+- completed:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
+    pantry-tree:
+      size: 285
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
+  original:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 snapshots:
 - completed:
-    sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68
     size: 590100
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/18/28.yaml
+    sha256: 428ec8d5ce932190d3cbe266b9eb3c175cd81e984babf876b64019e2cbe4ea68
   original: lts-18.28

stack-lts-19.yaml

@@ -4,3 +4,4 @@ extra-deps:
   - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
   - crypton-x509-1.7.6
   - crypton-x509-store-1.6.9
+  - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163

stack-lts-19.yaml.lock

@@ -7,27 +7,34 @@ packages:
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:
-      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
       size: 23320
+      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
   original:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
 - completed:
     hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339
     pantry-tree:
-      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
       size: 1080
+      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
   original:
     hackage: crypton-x509-1.7.6
 - completed:
     hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750
     pantry-tree:
-      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
       size: 406
+      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
   original:
     hackage: crypton-x509-store-1.6.9
+- completed:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
+    pantry-tree:
+      size: 285
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
+  original:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 snapshots:
 - completed:
-    sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4
     size: 619204
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/19/33.yaml
+    sha256: 6d1532d40621957a25bad5195bfca7938e8a06d923c91bc52aa0f3c41181f2d4
   original: lts-19.33

stack-lts-20.yaml

@@ -4,3 +4,4 @@ extra-deps:
   - crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
   - crypton-x509-1.7.6
   - crypton-x509-store-1.6.9
+  - c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163

stack-lts-20.yaml.lock

@@ -7,27 +7,34 @@ packages:
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:
-      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
       size: 23320
+      sha256: 0d73be1794796e4c87e1a20198109ec7364eee8c54dd6cf6c4d202f1f6ca3ac0
   original:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
 - completed:
     hackage: crypton-x509-1.7.6@sha256:c567657a705b6d6521f9dd2de999bf530d618ec00f3b939df76a41fb0fe94281,2339
     pantry-tree:
-      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
       size: 1080
+      sha256: 729e7db8dfc0a8b43e08bbd8d1387c9065e39beda6ac39e0fb9f10140810a3eb
   original:
     hackage: crypton-x509-1.7.6
 - completed:
     hackage: crypton-x509-store-1.6.9@sha256:422b9b9f87a7382c66385d047615b16fc86a68c08ea22b1e0117c143a2d44050,1750
     pantry-tree:
-      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
       size: 406
+      sha256: 87654d130a7f987ee139c821a1be45736d18df9fa4cb1142c4e054d3802338f3
   original:
     hackage: crypton-x509-store-1.6.9
+- completed:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
+    pantry-tree:
+      size: 285
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
+  original:
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 snapshots:
 - completed:
-    sha256: e63b43d506918278d05cd1448bd19352ab2faa9b8e9d64ce527b56f1a7fba149
     size: 650255
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/25.yaml
+    sha256: e63b43d506918278d05cd1448bd19352ab2faa9b8e9d64ce527b56f1a7fba149
   original: lts-20.25

stack.yaml.lock

@@ -5,12 +5,12 @@
 
 packages:
 - completed:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
     pantry-tree:
-      sha256: 67187305166a25d10cb133378ae89c3d76d51ee756edd757a84f71f176eb61e7
+      sha256: 86277e6f592859bb078ebac3fa6d71880f0079858c1f1ca64c38885586e1b4f8
       size: 285
   original:
-    hackage: c14n-0.1.0.1@sha256:c56a513c1363d126ee704656b59d2e2af1cfe878587a97cb69ab0122b82e2d4d,1371
+    hackage: c14n-0.1.0.3@sha256:71d230741cbe6023e3b3ef43c4acf79d18cc3631d956b2261e4a170302baaebc,1163
 - completed:
     hackage: crypton-0.31@sha256:c0e4aa081bd65d1cb415358ec43e83e7fe703c83b633243a89162bd6eb865850,18286
     pantry-tree:

tests/Parser.hs

@@ -1,6 +1,9 @@
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE AllowAmbiguousTypes #-}
 {-# LANGUAGE TypeApplications #-}
+
+module Parser where
+
 import Network.Wai.SAML2.EntityDescriptor
 import Network.Wai.SAML2.Response
 import Network.Wai.SAML2.XML
@@ -18,8 +21,8 @@ run src = do
     resp <- parseXML (fromDocument doc)
     pure $ BC.pack $ ppShow (resp :: t)
 
-main :: IO ()
-main = defaultMain $ testGroup "Parse SAML2 response"
+tests :: TestTree
+tests = testGroup "Parse SAML2 response"
     [ mkGolden @Response $ prefix </> "keycloak.xml"
     , mkGolden @Response $ prefix </> "okta.xml"
     , mkGolden @Response $ prefix </> "google.xml"

tests/Validation.hs

@@ -0,0 +1,53 @@
+module Validation where
+
+import Control.Monad.Trans.Except
+import Crypto.PubKey.RSA (PublicKey)
+import qualified Data.ByteString as B
+import qualified Data.ByteString.Base64 as Base64
+import Data.Time.Format.ISO8601
+import qualified Data.X509 as X509
+import qualified Data.X509.Memory as X509
+import Network.Wai.SAML2
+import Network.Wai.SAML2.Validation
+import System.FilePath
+import Test.Tasty
+import Test.Tasty.ExpectedFailure
+import Test.Tasty.HUnit
+
+-- | Get a public key from a X.509 certificate
+parseCertificate :: B.ByteString -> PublicKey
+parseCertificate certificate = case X509.readSignedObjectFromMemory certificate of
+    [signedCert] -> case X509.certPubKey $ X509.signedObject $ X509.getSigned signedCert of
+        X509.PubKeyRSA key -> key
+        other -> error $ "Expected PubKeyRSA, but got " <> show other
+    xs -> error $ show xs
+
+run :: FilePath -> String -> FilePath -> IO ()
+run certPath timestamp respPath = do
+    cert <- B.readFile $ prefix </> certPath
+    xml <- B.readFile $ prefix </> respPath
+    now <- iso8601ParseM timestamp
+
+    let pub = parseCertificate cert
+        cfg = saml2ConfigNoEncryption pub
+
+    assertion <- runExceptT $ do
+        (responseXmlDoc, samlResponse) <- decodeResponse $ Base64.encode xml
+        validateSAMLResponse cfg responseXmlDoc samlResponse now
+
+    case assertion of
+        Left err -> assertFailure $ show err
+        Right _ -> pure ()
+
+prefix :: FilePath
+prefix = "tests/data"
+
+tests :: TestTree
+tests = testGroup "Validate SAML2 Response"
+    [ testCase "AzureAD signed response"
+        $ run "azuread.crt" "2023-05-10T01:20:00Z" "azuread-signed-response.xml"
+    , expectFail $ testCase "AzureAD signed assertion"
+        $ run "azuread.crt" "2023-05-09T16:00:00Z" "azuread-signed-assertion.xml"
+    , testCase "Okta with AttributeStatement"
+        $ run "okta.crt" "2023-06-16T06:43:00.000Z" "okta-attributes.xml"
+    ]

tests/data/azuread-signed-assertion.xml

@@ -0,0 +1 @@
+<samlp:Response ID="_c082940d-31cf-40a2-a581-2a7af122e7e5" Version="2.0" IssueInstant="2023-05-09T15:45:24.293Z" Destination="https://loopback.ja-sore.de:3443/auth/page/saml2/login" InResponseTo="id23dffd06a31f7ad10975c9c893bf8668" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><Assertion ID="_7dd71b79-0320-4c6b-b524-72f6993d8100" IssueInstant="2023-05-09T15:45:24.288Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/</Issuer><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#_7dd71b79-0320-4c6b-b524-72f6993d8100"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>SkxHylilOD37KOxJT4V0YLIsL3W3AYHWM+iIZHmbukc=</DigestValue></Reference></SignedInfo><SignatureValue>EIg22vtTqnEhiwE3HYruwnWOTKQjs57aQSqeq4gnLV7yoqQw0jjPWkkGTto2/0TeHWomX58Gj2MDNCRjlwid2jQuy6jZQW2+wDBurElVAO7trcxrX48EaKnG9ZPh/1++40O1l970zVzSRwknFvnOHpghWQsib9NadrRWB6/ZbmwpVhCfYYAcfu8z/o8TdQQtE66I2dr6YD8kAPbBe/vEeHBVPycaZj+8fqia5sIpGBUnH7rTvaTnzBHol1zg1YYyK8O53p7baQaQQ8WEZ4agBNjtHeJGbo2bP8uvO14FnoVoUQqDATJKkDHq5rM+6tQ0RvZgSP6jjKoiw5pfchedpQ==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIC8DCCAdigAwIBAgIQafqoqGZ3HoxNh23cdsDACjANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMjEwMjQwNDM3MzJaFw0yNTEwMjQwNDM3MzJaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIrXrPws5kjzFTAJbXa/pitQ2hZTs9CMOv48iFXJLRRr90GaIUikqbU0X4CL3bewMC0XVBlBQwTGpRIIWbYreZ6lfQYaP/ACGysQ96m2aknH8cUQdlUFCEo94LlzTLqkDf+JWfdBT6AWDS9aLjS/r25HZRUR7xBcdSYOfSEE2UcO8QBH9BvoOD/xBBwAvSo4rjOwr9ZaKAG3Axu7Dh/T2AAE5ZHbCIQEeMEEkofQbexitiTYt0c2CyWdAFoR6MlxEPhWE8sIko62PhDMBMuGu67ZCbBINIVj2CcDr1kBx6OVdgvZYum/A09RRzBTMuFMP2+WG3yCjaUMA3Gn5lpv2QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAO0/TzTx1OQYUTPGwafh2mHzVpc9Hk2LIY+YvV4bbVsUwnuV6HKVr2Sn3uLIUiSE/JjTdjy7KE/1LBN2KNMe7vs67gOIjOODf/LMQJMHqu7oJtZdt1omrpxJH6DkA/YmPGyUOcX7ADLbaw4cf2lTt8Pk97HP+EvAM31ZfjLtgyGDlREeWa/y2wWOHOdeO1CGwvK1BKz9Sdg7bAs7lBSX/1Qp8pnnOJb/2wNuc9vw6p5UCEFvlAzGyRRLPZfDiazDzTznTyYDPupzJ5pic3rcogzCGQGUWW5dGG7c6lM6EAYDKNAZ+cv4wWrMA4sAo+DdNkzs8sDSv8Jw1AXGRuOTzQ</X509Certificate></X509Data></KeyInfo></Signature><Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">fumieval@herpdev.onmicrosoft.com</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="id23dffd06a31f7ad10975c9c893bf8668" NotOnOrAfter="2023-05-09T16:45:24.198Z" Recipient="https://loopback.ja-sore.de:3443/auth/page/saml2/login"/></SubjectConfirmation></Subject><Conditions NotBefore="2023-05-09T15:40:24.198Z" NotOnOrAfter="2023-05-09T16:45:24.198Z"><AudienceRestriction><Audience>https://loopback.ja-sore.de:3443/</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>b0a63ade-3ec7-4d8b-991f-87eb4336274a</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>552200d7-3516-4d81-8ea1-a87b429f07ef</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/displayname"><AttributeValue>fumieval</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue>https://sts.windows.net/b0a63ade-3ec7-4d8b-991f-87eb4336274a/</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><AttributeValue>fumieval@herpdev.onmicrosoft.com</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2023-05-09T06:21:17.599Z" SessionIndex="_7dd71b79-0320-4c6b-b524-72f6993d8100"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>