python-“ SignatureError:无法验证签名”-Okta,pySAML2
作者:互联网
三天来,我一直在拉头发,试图将头缠在Okta& amp;上. SAML.
在我的本地计算机(OSX Mavericks)上,我能够成功执行此处列出的步骤:http://developer.okta.com/docs/guides/pysaml2
事情正常.
但是将所有内容移到运行几乎相同代码的CentOS盒子的生产服务器上,我遇到了这个“ SignatureError:无法验证签名”错误.
Traceback (most recent call last):
auth_response = saml_client.parse_authn_request_response(SAMLResponse, entity.BINDING_HTTP_POST)
File \”/usr/local/lib/python2.7.11/lib/python2.7/site-packages/saml2/client_base.py\”, line 599, in parse_authn_request_response binding, **kwargs)response = response.loads(xmlstr, False, origxml=origxml)
File \”/usr/local/lib/python2.7.11/lib/python2.7/site-packages/saml2/response.py\”, line 510, in loads self._loads(xmldata, decode, origxml)File \”/usr/local/lib/python2.7.11/lib/python2.7/site-packages/saml2/response.py\”, line 335, in _loads **args)
File \”/usr/local/lib/python2.7.11/lib/python2.7/site-packages/saml2/sigver.py\”, line 1756, in correctly_signed_response
class_name(response), origdoc)File \”/usr/local/lib/python2.7.11/lib/python2.7/site-packages/saml2/sigver.py\”, line 1571, in _check_signature
raise SignatureError(\”Failed to verify signature\”)
SignatureError: Failed to verify signature
我搜寻了互联网,以寻找解决此错误的方法.我是SAML和Okta的新手.
我的假设是,这与xmlsec1在生产机器上的行为有所不同有关.但是版本是相同的.有很多依赖关系,所以我不确定问题可能在哪里.
有没有人遇到这个错误?对我可以尝试的内容有任何想法吗?
解决方法:
我知道这有点晚了,但万一有人碰到这个:
pysaml2使用python的内置日志记录提供了很多日志记录,我为saml2.sigver定义了一个处理程序,并提供了很多信息.在这些日志中,我发现了这一点:
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
原来我需要安装xmlsec1-openssl.
希望这对以后的人有所帮助.
标签:encryption,cryptography,okta,python,saml-2-0 来源: https://codeday.me/bug/20191118/2029901.html