Re: [Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response
Hi Pushpalanka, Thanks! This Spec has it all very detailed. Got the concern clarified and clear now! On Fri, Oct 2, 2015 at 10:48 AM, Pushpalanka Jayawardhana wrote: > Hi Nadeesha, > > The specification[1] mentions element as optional. Please refer > section "3.2.2 Complex Type StatusResponseType" in the specification. > Also there is sample SAML Response in the section "5.4.6 Example" of the > spec for quick reference. > > This issuer element defines who issued the SAML Assertion and in SAML > Response who issued the SAML Response. Hence there is the possibility for > one party to issue the SAML assertion and another party to issue the SAML > Response, seperately signing each element. > > [1] - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf > > Thanks, > Pushpalanka. > -- > Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). > Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ > Mobile: +94779716248 > Blog: pushpalankajaya.blogspot.com/ | LinkedIn: > lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka > > > On Fri, Oct 2, 2015 at 10:36 AM, Nadeesha Meegoda > wrote: > >> Hi Danushka, >> >> Thanks for the response! I tested this without enabling the response >> signing and assertion signing, but still the saml2:Issuer is duplicated in >> both response and assertion. As per my reading on the saml spec in [1] the >> Response doesn't contain an issuer, only the assertion contains the issuer >> element which is noted in 3.4 Responses section. Please correct me if I'm >> wrong. >> >> Full Response is attached for the above scenario mentioned ( without >> enabling the response signing and assertion signing ) >> >> [1] - http://saml.xml.org/saml-specifications >> >> Thanks! >> >> On Thu, Oct 1, 2015 at 8:33 PM, Danushka Fernando >> wrote: >> >>> Hi Nadeesha >>> The duplicate entry meant by you is under the saml assertion. Saml >>> response object contains a saml assertion. And when you sign both response >>> and assertion this entry includes into both objects. For more details you >>> can refer to saml spec. [1] >>> >>> [1] http://saml.xml.org/saml-specifications >>> >>> Thanks & Regards >>> Danushka Fernando >>> Senior Software Engineer >>> WSO2 inc. http://wso2.com/ >>> Mobile : +94716332729 >>> >>> >>> On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" wrote: >>> Hi IS team, I am testing SAML SSO with travelocity app and when I signed in to the app I noticed in the SAML authentication response getting duplicate entries for saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same response data. Is there a special reason these are duplicated? Just need to clarify! Noted below is the section that is duplicated in the response: >>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >mgt.is.wso2.com http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >>> URI="#bnlofhdfbehmnhiajimjohbkhepimciajocfmdkl"> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> fiOel63mdz3HsEz2JrSbUgBvYDw= VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc Full Response is attached with the mail. Highly appreciate an explanation on this! Thanks -- *Nadeesha Meegoda* Software Engineer - QA WSO2 Inc.; http://wso2.com lean.enterprise.middleware email : nadees...@wso2.com mobile: +94783639540 <%2B94%2077%202273555> ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> -- >> *Nadeesha Meegoda* >> Software Engineer - QA >> WSO2 Inc.; http:/
Re: [Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response
Hi Nadeesha, The specification[1] mentions element as optional. Please refer section "3.2.2 Complex Type StatusResponseType" in the specification. Also there is sample SAML Response in the section "5.4.6 Example" of the spec for quick reference. This issuer element defines who issued the SAML Assertion and in SAML Response who issued the SAML Response. Hence there is the possibility for one party to issue the SAML assertion and another party to issue the SAML Response, seperately signing each element. [1] - https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Thanks, Pushpalanka. -- Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ Mobile: +94779716248 Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka On Fri, Oct 2, 2015 at 10:36 AM, Nadeesha Meegoda wrote: > Hi Danushka, > > Thanks for the response! I tested this without enabling the response > signing and assertion signing, but still the saml2:Issuer is duplicated in > both response and assertion. As per my reading on the saml spec in [1] the > Response doesn't contain an issuer, only the assertion contains the issuer > element which is noted in 3.4 Responses section. Please correct me if I'm > wrong. > > Full Response is attached for the above scenario mentioned ( without > enabling the response signing and assertion signing ) > > [1] - http://saml.xml.org/saml-specifications > > Thanks! > > On Thu, Oct 1, 2015 at 8:33 PM, Danushka Fernando > wrote: > >> Hi Nadeesha >> The duplicate entry meant by you is under the saml assertion. Saml >> response object contains a saml assertion. And when you sign both response >> and assertion this entry includes into both objects. For more details you >> can refer to saml spec. [1] >> >> [1] http://saml.xml.org/saml-specifications >> >> Thanks & Regards >> Danushka Fernando >> Senior Software Engineer >> WSO2 inc. http://wso2.com/ >> Mobile : +94716332729 >> >> >> On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" wrote: >> >>> Hi IS team, >>> >>> I am testing SAML SSO with travelocity app and when I signed in to the >>> app I noticed in the SAML authentication response getting duplicate entries >>> for saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same >>> response data. Is there a special reason these are duplicated? Just need to >>> clarify! >>> >>> Noted below is the section that is duplicated in the response: >>> >>> >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >>> >mgt.is.wso2.com >>> http://www.w3.org/2000/09/xmldsig#";> >>> >>> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >>> >> URI="#bnlofhdfbehmnhiajimjohbkhepimciajocfmdkl"> >>> >>> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> >>> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >>> >>> http://www.w3.org/2000/09/xmldsig#sha1"; /> >>> >>> fiOel63mdz3HsEz2JrSbUgBvYDw= >>> >>> >>> >>> VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= >>> >>> >>> >>> MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc >>> >>> >>> >>> >>> Full Response is attached with the mail. >>> >>> Highly appreciate an explanation on this! >>> >>> >>> Thanks >>> >>> -- >>> *Nadeesha Meegoda* >>> Software Engineer - QA >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> email : nadees...@wso2.com >>> mobile: +94783639540 >>> <%2B94%2077%202273555> >>> >>> ___ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> > > > -- > *Nadeesha Meegoda* > Software Engineer - QA > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > email : nadees...@wso2.com > mobile: +94783639540 > <%2B94%2077%202273555> > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > ___ Dev mailing list
Re: [Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response
Hi Danushka, Thanks for the response! I tested this without enabling the response signing and assertion signing, but still the saml2:Issuer is duplicated in both response and assertion. As per my reading on the saml spec in [1] the Response doesn't contain an issuer, only the assertion contains the issuer element which is noted in 3.4 Responses section. Please correct me if I'm wrong. Full Response is attached for the above scenario mentioned ( without enabling the response signing and assertion signing ) [1] - http://saml.xml.org/saml-specifications Thanks! On Thu, Oct 1, 2015 at 8:33 PM, Danushka Fernando wrote: > Hi Nadeesha > The duplicate entry meant by you is under the saml assertion. Saml > response object contains a saml assertion. And when you sign both response > and assertion this entry includes into both objects. For more details you > can refer to saml spec. [1] > > [1] http://saml.xml.org/saml-specifications > > Thanks & Regards > Danushka Fernando > Senior Software Engineer > WSO2 inc. http://wso2.com/ > Mobile : +94716332729 > > > On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" wrote: > >> Hi IS team, >> >> I am testing SAML SSO with travelocity app and when I signed in to the >> app I noticed in the SAML authentication response getting duplicate entries >> for saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same >> response data. Is there a special reason these are duplicated? Just need to >> clarify! >> >> Noted below is the section that is duplicated in the response: >> >> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >> >mgt.is.wso2.com >> http://www.w3.org/2000/09/xmldsig#";> >> >> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >> >> >> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> >> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >> >> http://www.w3.org/2000/09/xmldsig#sha1"; /> >> >> fiOel63mdz3HsEz2JrSbUgBvYDw= >> >> >> >> VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= >> >> >> >> MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc >> >> >> >> >> Full Response is attached with the mail. >> >> Highly appreciate an explanation on this! >> >> >> Thanks >> >> -- >> *Nadeesha Meegoda* >> Software Engineer - QA >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> email : nadees...@wso2.com >> mobile: +94783639540 >> <%2B94%2077%202273555> >> >> ___ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> -- *Nadeesha Meegoda* Software Engineer - QA WSO2 Inc.; http://wso2.com lean.enterprise.middleware email : nadees...@wso2.com mobile: +94783639540 <%2B94%2077%202273555> http://localhost:8080/travelocity.com/home.jsp"; ID="mlncolpndppldfahlldjahicojinmokhdllbdojj" InResponseTo="0" IssueInstant="2015-10-02T04:46:46.635Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > localhost localhost http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> sW59qQPVCbwovHQV8ME/7WZPz+A= C4G4L7+DM/fFgIYc5DdiXvq81gbqI/FmS3VEqrKEQ5lsw4YghVO9rSNV/avqC6QSOQMqpdvM+V4Bk0orJEJMsJZaR4ekizaEp7iuNbfHAEWFz6Xl9/Fb5g+z1w/6Wk1O17k6SmrVTtlSmmPNXtFUsqY54SxXbgFKAVDZ12DX9/8= MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgN
Re: [Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response
Hi Nadeesha The duplicate entry meant by you is under the saml assertion. Saml response object contains a saml assertion. And when you sign both response and assertion this entry includes into both objects. For more details you can refer to saml spec. [1] [1] http://saml.xml.org/saml-specifications Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Oct 1, 2015 7:10 PM, "Nadeesha Meegoda" wrote: > Hi IS team, > > I am testing SAML SSO with travelocity app and when I signed in to the app > I noticed in the SAML authentication response getting duplicate entries for > saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same response > data. Is there a special reason these are duplicated? Just need to clarify! > > Noted below is the section that is duplicated in the response: > >xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" > >mgt.is.wso2.com > http://www.w3.org/2000/09/xmldsig#";> > > http://www.w3.org/2001/10/xml-exc-c14n#"; /> > http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > > > http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> > http://www.w3.org/2001/10/xml-exc-c14n#"; /> > > http://www.w3.org/2000/09/xmldsig#sha1"; /> > > fiOel63mdz3HsEz2JrSbUgBvYDw= > > > > VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= > > > > MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc > > > > > Full Response is attached with the mail. > > Highly appreciate an explanation on this! > > > Thanks > > -- > *Nadeesha Meegoda* > Software Engineer - QA > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > email : nadees...@wso2.com > mobile: +94783639540 > <%2B94%2077%202273555> > > ___ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [IS] - Clarification on Duplicate entries in SAML Authentication Response
Hi IS team, I am testing SAML SSO with travelocity app and when I signed in to the app I noticed in the SAML authentication response getting duplicate entries for saml2:Issuer, ds:Signature, ds:X509Certificate etc with the same response data. Is there a special reason these are duplicated? Just need to clarify! Noted below is the section that is duplicated in the response: mgt.is.wso2.com http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> fiOel63mdz3HsEz2JrSbUgBvYDw= VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc Full Response is attached with the mail. Highly appreciate an explanation on this! Thanks -- *Nadeesha Meegoda* Software Engineer - QA WSO2 Inc.; http://wso2.com lean.enterprise.middleware email : nadees...@wso2.com mobile: +94783639540 <%2B94%2077%202273555> http://localhost:8080/travelocity.com/home.jsp"; ID="bnlofhdfbehmnhiajimjohbkhepimciajocfmdkl" InResponseTo="0" IssueInstant="2015-10-01T12:30:18.226Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" > mgt.is.wso2.com http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> fiOel63mdz3HsEz2JrSbUgBvYDw= VgbMj1PIjJ0JFdyJ9AKaLkBnj7OD/prQahVU5WgdK9PAMvMedKt42pna+A5YznK0zLrzPKHAP/5VD6qHVPtF5LsYqJNEC4OTR1Mo2nzv34nOQxZZ95uxKBoxD/eVzgrqNBIzAecgSXvvYBj1ZlmjbJQoOuVxgdFOhOkz8S3bO+Q= MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8PnNwCkZqIGpxkJGqfEOzXhP38A84a7fwXUfCZuwetgvkU4vfqhHieqI5OiA02pZpBzWkYjpg8By6YeJyK4Vy4hB6yq1gTCaerqffeAfXWI0ILog9iwJtbAgfJUDqU9j5XEnMxQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAE8GmwMaydEFMb8hzvXjkX2pdjZto4S5AqaERjigR5OCsvcnuqNPspuAMyy7AC6xRCkKOfhFEfFcAHhExpqCfqFcuEhfqc3tL89eDyf1sxfnaoCPSWjgo/TirWSaaxcT2JAcWfGh74S77CHC/m9rZ9ozaTJRhzNw5RYEbWNKJEqc mgt.is.wso2.com http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> q3Gjd3ybFgDvyXUjjXxuDZ1qTLk= jNPdAfC1ZFvDsmW6qWELEM510ozoikggsJ2GMyfDGtmGvJ1e0Vfv4zPbZ5suNifCeFid9j2mf8KznNro2t9kj4+WVPrD7ujkIKVQOfB+xph0th7tpDG2YQVdeZtMSCcAPlako/v1E4w2QnWLtY+VjMYEdaz2Wv+qYxkOfMcJvv8= MIICAzCCAWygAwIBAgIEb38jDjANBgkqhkiG9w0BAQQFADBGMRAwDgYDVQQDEwd5bWMuY29tMQ0wCwYDVQQLEwROb25lMRQwEgYDVQQKEwtOb25lIEw9Tm9uZTENMAsGA1UEBhMETm9uZTAeFw0xNTA4MjkwNjIxNDJaFw0yNTA5MjUwNjIxNDJaMEYxEDAOBgNVBAMTB3ltYy5jb20xDTALBgNVBAsTBE5vbmUxFDASBgNVBAoTC05vbmUgTD1Ob25lMQ0wCwYDVQQGEwROb25lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPWrZjdgaHwd8FDZaOm57wz2fxSW4umTuyw8E8P