FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. misterjoj
    3. Best
    M
    • Profile
    • Following 0
    • Followers 0
    • Topics 1
    • Posts 10
    • Best 3
    • Controversial 0
    • Groups 0

    Best posts made by misterjoj

    • RE: SAML SSO for Mattermost using FusionAuth

      @dan

      I have opened a ticket on Mattermost and provided them with the URL to this post. They are looking into it. Thanks for the insights. Will update if there is a way around this.

      Best Regards,

      posted in General Discussion
      M
      misterjoj
    • RE: SAML SSO for Mattermost using FusionAuth

      @dan

      Thanks to @robotdan I have been able to switch on the debug level. Below is the XML being sent

      fusionauth_1      | Aug 24, 2020 6:09:52.024 PM DEBUG io.fusionauth.samlv2.service.DefaultSAMLv2Service - SAMLRequest XML is
fusionauth_1      | <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://localhost:8000/login/sso/saml" Destination="http://localhost:9011/samlv2/login/7dc5ea85-3495-3e94-62db-fc50e759d978" ID="_07e838e3-6d4a-45fd-9f97-307ea33802b6" IssueInstant="2020-08-24T18:09:51Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8000/login/sso/saml</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_07e838e3-6d4a-45fd-9f97-307ea33802b6"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>7j2BZ5Gtd7D9QwgV5lrjjduK+uY=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>OY96Y439syU7Zfz5esljLalM3/4SsVsm7xY/f61vrC2AM50EA1nUk4zQ6IbhEfy99npPxtbStqZ8KSWymq4dZbb0Q5xpi211y/hEOPVh+fcoSIPcL8EopaJ/HxJRNSYGv29oALwnMggET/0ORDawSBep8c2VEjDJozIL9RPwW70fD/HMi92dhOLi+uiofdr7w552igwxsMOLDj6swOs9tdNZrSQ2VcOcA9N6RvJSi4qWm9nMnaXQqzZcZewmL/nQ80Wz8XzTIngIqUSOL4Ulj88PvFsIb+fWsCnTZVFmSTq9WqRSYKv5ldIkckU5Hm1MY20607RPx82Dl91AEzWQLCCGnQvED3STg8AmFOe9aIlN/kMyd4Q4eutdRqH0Vzy8hPAPs2DPzNzesLhMBkIEu5iDdu0JFrWoc+Ysj0rAinCSvGQhPdPievLHaelzF2Yzyr4KSfjSLJhxs0Uqb30c1tqcAtAAH3+u7NLHpEbc0/+Bx8ao9AJpWKiFfVGPLw9KNLbTUVTs61zwNTnGp24d7rq84IcHWGd5UZMX9WFu66LmvnxansuC5xR4TUAvmAIoryuAPEiR6EK1Vt4A9MMjRGmx+cLjd1V+z+Pe6iWgcMv8iAB912MytKMms2u7XUKXng2GthkH8UE/HjXg89gjENajpoJCmhqecdeOjTNSU3s=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIFjDCCA3SgAwIBAgIUCeAwhCwAOr8GKURZEYhJskUIjTEwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCVBhbG8gQWx0bzETMBEGA1UECgwKTWF0dGVybW9zdDEPMA0GA1UECwwGRGV2T3BzMR0wGwYDVQQDDBRtYXR0ZXJtb3N0LmxvY2FsaG9zdDAeFw0yMDA4MTkxNDE0MjVaFw0zMDA4MTcxNDE0MjVaMGYxCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3QxDzANBgNVBAsMBkRldk9wczEdMBsGA1UEAwwUbWF0dGVybW9zdC5sb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRqCWOJFGO5pZE6DPk068roQ/FDUSAx5aTQ1YAgysV/5zRuRXtOh/abPjonFRzvv8FzYDQbfi88jP9JlxjIY6C8D1v4DGscknKkoYkR6XXD3G2QWD0wlz+JZ8ODC+cKvMeEj4fwQ6CHu7EaGGRb7bgQyQxhcjnmg7NcYb0xwVbneju4ErFx4hLL69KZHdwMLDUcQ8hvPzN38KqOUs2gxcPg6PagVDYT2VvcthyOk1pyesoh8m+pvp23zwg5F1KPdza4OU8gf4YH9IPoBmdS2UZVAgughvvrlQnPvoHqCx6ILy+tNwcFesVJGgRI2fWyMwbXOSGVAaxetkt32Qkv96RG+w29yMDZM+bBE475z45GPmzQuNzUm/uY78MdgZ5CNTnUiifflD1Hvtc89KpJbPxJ6d1vwUedgVrRgiPVNTErYAyrX94HEL5J2/82SRhK19twYYtwGxps8fknN5Hit7n8nBU+iIF2JxShwyGhdPuT3T9hOGilxleTBJSOA6UkYJ0jSAk/cEupx1FrM0UjK6tljIuJqAZdzwiCOTlwgwyiOZq2Sbh21moitJNjsrQolopNX8hvPna2Z+mjlD8FKbs1ByqCLrxsQwFoIUaK5mIrGec3TWnSeyNnmyBwtb5y3qgNDgJMgmf69QDVdz8bOZLP9IK2Z66UvnFLhGnMs/QBQIDAQABozIwMDASBgNVHRMBAf8ECDAGAQH/AgEAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEAiWlqVfSO093GUBOCEzlP7d5HRh3coZtMl/HPf0/evMfnzrqoDpPmMmdWb24tlVhVsE8l1ojr4b3WeHICkOyVGx5/SW1mDpbcZVbza3xwuwVQFvIAx49smZv4KdUM5lAGKTqVYxDogl7eZX+g9jwKMwxTXAOI3DJEjtg0inTk765crqkpPm6vGPKZy00Y5ydYXIePh+LjDLkPYk++1/KEJGGMBMcwywjhMQr3GAd9+uLXq6gO7Qf04HU0lkvHOSXIPfHkBc9+jbsPx8//WvLrYyK5w2UMawkWNYjWFy5XECljBsoFGPXsB6iSRzV/4X3AMIQyZozVpCgIh0YL+RSEjpx8HvDZXb6lCOSJigu5uUViRuExYc5a2RHqH3Vic4up98272B/5peqY/zilpL3bbBZHdJkEVxlzNPExkdwAhE6e/f4uMP3VI86XRysTP/FBb+0MCyeu2d6nikh/RFk/zRiXfyMWWVbUivnkc9jGkgbOshc1UE/G3xscBU0Wr36EJh42G95Vu15OicGOB2ULgy9hSapt3svYEYenVFG7ZEINePGtVwETGEDz6rCuXiteomfO1SE3Pa8oF6okEb/U3oENxRsPo1rfZoKtB1ZokMPYR5D2JnqUZgp0YFuKWj2estGf/D45RgV6himhOxejNJstcl4SdI7yPOQFbnHtMrU=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:NameIDPolicy AllowCreate="true" Format=""/></samlp:AuthnRequest>

      when formatted using an online tool we have the following

      <?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://localhost:8000/login/sso/saml" Destination="http://localhost:9011/samlv2/login/7dc5ea85-3495-3e94-62db-fc50e759d978" ID="_07e838e3-6d4a-45fd-9f97-307ea33802b6" IssueInstant="2020-08-24T18:09:51Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8000/login/sso/saml</saml:Issuer>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <ds:Reference URI="#_07e838e3-6d4a-45fd-9f97-307ea33802b6">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>7j2BZ5Gtd7D9QwgV5lrjjduK+uY=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>OY96Y439syU7Zfz5esljLalM3/4SsVsm7xY/f61vrC2AM50EA1nUk4zQ6IbhEfy99npPxtbStqZ8KSWymq4dZbb0Q5xpi211y/hEOPVh+fcoSIPcL8EopaJ/HxJRNSYGv29oALwnMggET/0ORDawSBep8c2VEjDJozIL9RPwW70fD/HMi92dhOLi+uiofdr7w552igwxsMOLDj6swOs9tdNZrSQ2VcOcA9N6RvJSi4qWm9nMnaXQqzZcZewmL/nQ80Wz8XzTIngIqUSOL4Ulj88PvFsIb+fWsCnTZVFmSTq9WqRSYKv5ldIkckU5Hm1MY20607RPx82Dl91AEzWQLCCGnQvED3STg8AmFOe9aIlN/kMyd4Q4eutdRqH0Vzy8hPAPs2DPzNzesLhMBkIEu5iDdu0JFrWoc+Ysj0rAinCSvGQhPdPievLHaelzF2Yzyr4KSfjSLJhxs0Uqb30c1tqcAtAAH3+u7NLHpEbc0/+Bx8ao9AJpWKiFfVGPLw9KNLbTUVTs61zwNTnGp24d7rq84IcHWGd5UZMX9WFu66LmvnxansuC5xR4TUAvmAIoryuAPEiR6EK1Vt4A9MMjRGmx+cLjd1V+z+Pe6iWgcMv8iAB912MytKMms2u7XUKXng2GthkH8UE/HjXg89gjENajpoJCmhqecdeOjTNSU3s=</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509Certificate>MIIFjDCCA3SgAwIBAgIUCeAwhCwAOr8GKURZEYhJskUIjTEwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCVBhbG8gQWx0bzETMBEGA1UECgwKTWF0dGVybW9zdDEPMA0GA1UECwwGRGV2T3BzMR0wGwYDVQQDDBRtYXR0ZXJtb3N0LmxvY2FsaG9zdDAeFw0yMDA4MTkxNDE0MjVaFw0zMDA4MTcxNDE0MjVaMGYxCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3QxDzANBgNVBAsMBkRldk9wczEdMBsGA1UEAwwUbWF0dGVybW9zdC5sb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRqCWOJFGO5pZE6DPk068roQ/FDUSAx5aTQ1YAgysV/5zRuRXtOh/abPjonFRzvv8FzYDQbfi88jP9JlxjIY6C8D1v4DGscknKkoYkR6XXD3G2QWD0wlz+JZ8ODC+cKvMeEj4fwQ6CHu7EaGGRb7bgQyQxhcjnmg7NcYb0xwVbneju4ErFx4hLL69KZHdwMLDUcQ8hvPzN38KqOUs2gxcPg6PagVDYT2VvcthyOk1pyesoh8m+pvp23zwg5F1KPdza4OU8gf4YH9IPoBmdS2UZVAgughvvrlQnPvoHqCx6ILy+tNwcFesVJGgRI2fWyMwbXOSGVAaxetkt32Qkv96RG+w29yMDZM+bBE475z45GPmzQuNzUm/uY78MdgZ5CNTnUiifflD1Hvtc89KpJbPxJ6d1vwUedgVrRgiPVNTErYAyrX94HEL5J2/82SRhK19twYYtwGxps8fknN5Hit7n8nBU+iIF2JxShwyGhdPuT3T9hOGilxleTBJSOA6UkYJ0jSAk/cEupx1FrM0UjK6tljIuJqAZdzwiCOTlwgwyiOZq2Sbh21moitJNjsrQolopNX8hvPna2Z+mjlD8FKbs1ByqCLrxsQwFoIUaK5mIrGec3TWnSeyNnmyBwtb5y3qgNDgJMgmf69QDVdz8bOZLP9IK2Z66UvnFLhGnMs/QBQIDAQABozIwMDASBgNVHRMBAf8ECDAGAQH/AgEAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEAiWlqVfSO093GUBOCEzlP7d5HRh3coZtMl/HPf0/evMfnzrqoDpPmMmdWb24tlVhVsE8l1ojr4b3WeHICkOyVGx5/SW1mDpbcZVbza3xwuwVQFvIAx49smZv4KdUM5lAGKTqVYxDogl7eZX+g9jwKMwxTXAOI3DJEjtg0inTk765crqkpPm6vGPKZy00Y5ydYXIePh+LjDLkPYk++1/KEJGGMBMcwywjhMQr3GAd9+uLXq6gO7Qf04HU0lkvHOSXIPfHkBc9+jbsPx8//WvLrYyK5w2UMawkWNYjWFy5XECljBsoFGPXsB6iSRzV/4X3AMIQyZozVpCgIh0YL+RSEjpx8HvDZXb6lCOSJigu5uUViRuExYc5a2RHqH3Vic4up98272B/5peqY/zilpL3bbBZHdJkEVxlzNPExkdwAhE6e/f4uMP3VI86XRysTP/FBb+0MCyeu2d6nikh/RFk/zRiXfyMWWVbUivnkc9jGkgbOshc1UE/G3xscBU0Wr36EJh42G95Vu15OicGOB2ULgy9hSapt3svYEYenVFG7ZEINePGtVwETGEDz6rCuXiteomfO1SE3Pa8oF6okEb/U3oENxRsPo1rfZoKtB1ZokMPYR5D2JnqUZgp0YFuKWj2estGf/D45RgV6himhOxejNJstcl4SdI7yPOQFbnHtMrU=</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
   <samlp:NameIDPolicy AllowCreate="true" Format="" />
</samlp:AuthnRequest>

      I am also sharing the metadata from my mattermost install got using the following curl http://localhost:8000/api/v4/saml/metadata -o metadata.xml

      <?xml version='1.0' encoding='UTF-8'?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2020-08-31T18:08:27.516331114Z" entityID="http://localhost:8000/login/sso/saml">
    <SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <KeyDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" use="signing">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIFjDCCA3SgAwIBAgIUCeAwhCwAOr8GKURZEYhJskUIjTEwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCVBhbG8gQWx0bzETMBEGA1UECgwKTWF0dGVybW9zdDEPMA0GA1UECwwGRGV2T3BzMR0wGwYDVQQDDBRtYXR0ZXJtb3N0LmxvY2FsaG9zdDAeFw0yMDA4MTkxNDE0MjVaFw0zMDA4MTcxNDE0MjVaMGYxCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3QxDzANBgNVBAsMBkRldk9wczEdMBsGA1UEAwwUbWF0dGVybW9zdC5sb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRqCWOJFGO5pZE6DPk068roQ/FDUSAx5aTQ1YAgysV/5zRuRXtOh/abPjonFRzvv8FzYDQbfi88jP9JlxjIY6C8D1v4DGscknKkoYkR6XXD3G2QWD0wlz+JZ8ODC+cKvMeEj4fwQ6CHu7EaGGRb7bgQyQxhcjnmg7NcYb0xwVbneju4ErFx4hLL69KZHdwMLDUcQ8hvPzN38KqOUs2gxcPg6PagVDYT2VvcthyOk1pyesoh8m+pvp23zwg5F1KPdza4OU8gf4YH9IPoBmdS2UZVAgughvvrlQnPvoHqCx6ILy+tNwcFesVJGgRI2fWyMwbXOSGVAaxetkt32Qkv96RG+w29yMDZM+bBE475z45GPmzQuNzUm/uY78MdgZ5CNTnUiifflD1Hvtc89KpJbPxJ6d1vwUedgVrRgiPVNTErYAyrX94HEL5J2/82SRhK19twYYtwGxps8fknN5Hit7n8nBU+iIF2JxShwyGhdPuT3T9hOGilxleTBJSOA6UkYJ0jSAk/cEupx1FrM0UjK6tljIuJqAZdzwiCOTlwgwyiOZq2Sbh21moitJNjsrQolopNX8hvPna2Z+mjlD8FKbs1ByqCLrxsQwFoIUaK5mIrGec3TWnSeyNnmyBwtb5y3qgNDgJMgmf69QDVdz8bOZLP9IK2Z66UvnFLhGnMs/QBQIDAQABozIwMDASBgNVHRMBAf8ECDAGAQH/AgEAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEAiWlqVfSO093GUBOCEzlP7d5HRh3coZtMl/HPf0/evMfnzrqoDpPmMmdWb24tlVhVsE8l1ojr4b3WeHICkOyVGx5/SW1mDpbcZVbza3xwuwVQFvIAx49smZv4KdUM5lAGKTqVYxDogl7eZX+g9jwKMwxTXAOI3DJEjtg0inTk765crqkpPm6vGPKZy00Y5ydYXIePh+LjDLkPYk++1/KEJGGMBMcwywjhMQr3GAd9+uLXq6gO7Qf04HU0lkvHOSXIPfHkBc9+jbsPx8//WvLrYyK5w2UMawkWNYjWFy5XECljBsoFGPXsB6iSRzV/4X3AMIQyZozVpCgIh0YL+RSEjpx8HvDZXb6lCOSJigu5uUViRuExYc5a2RHqH3Vic4up98272B/5peqY/zilpL3bbBZHdJkEVxlzNPExkdwAhE6e/f4uMP3VI86XRysTP/FBb+0MCyeu2d6nikh/RFk/zRiXfyMWWVbUivnkc9jGkgbOshc1UE/G3xscBU0Wr36EJh42G95Vu15OicGOB2ULgy9hSapt3svYEYenVFG7ZEINePGtVwETGEDz6rCuXiteomfO1SE3Pa8oF6okEb/U3oENxRsPo1rfZoKtB1ZokMPYR5D2JnqUZgp0YFuKWj2estGf/D45RgV6himhOxejNJstcl4SdI7yPOQFbnHtMrU=</X509Certificate>
                </X509Data>
            </KeyInfo>
        </KeyDescriptor>
        <KeyDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" use="encryption">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIFjDCCA3SgAwIBAgIUCeAwhCwAOr8GKURZEYhJskUIjTEwDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCVBhbG8gQWx0bzETMBEGA1UECgwKTWF0dGVybW9zdDEPMA0GA1UECwwGRGV2T3BzMR0wGwYDVQQDDBRtYXR0ZXJtb3N0LmxvY2FsaG9zdDAeFw0yMDA4MTkxNDE0MjVaFw0zMDA4MTcxNDE0MjVaMGYxCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlQYWxvIEFsdG8xEzARBgNVBAoMCk1hdHRlcm1vc3QxDzANBgNVBAsMBkRldk9wczEdMBsGA1UEAwwUbWF0dGVybW9zdC5sb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRqCWOJFGO5pZE6DPk068roQ/FDUSAx5aTQ1YAgysV/5zRuRXtOh/abPjonFRzvv8FzYDQbfi88jP9JlxjIY6C8D1v4DGscknKkoYkR6XXD3G2QWD0wlz+JZ8ODC+cKvMeEj4fwQ6CHu7EaGGRb7bgQyQxhcjnmg7NcYb0xwVbneju4ErFx4hLL69KZHdwMLDUcQ8hvPzN38KqOUs2gxcPg6PagVDYT2VvcthyOk1pyesoh8m+pvp23zwg5F1KPdza4OU8gf4YH9IPoBmdS2UZVAgughvvrlQnPvoHqCx6ILy+tNwcFesVJGgRI2fWyMwbXOSGVAaxetkt32Qkv96RG+w29yMDZM+bBE475z45GPmzQuNzUm/uY78MdgZ5CNTnUiifflD1Hvtc89KpJbPxJ6d1vwUedgVrRgiPVNTErYAyrX94HEL5J2/82SRhK19twYYtwGxps8fknN5Hit7n8nBU+iIF2JxShwyGhdPuT3T9hOGilxleTBJSOA6UkYJ0jSAk/cEupx1FrM0UjK6tljIuJqAZdzwiCOTlwgwyiOZq2Sbh21moitJNjsrQolopNX8hvPna2Z+mjlD8FKbs1ByqCLrxsQwFoIUaK5mIrGec3TWnSeyNnmyBwtb5y3qgNDgJMgmf69QDVdz8bOZLP9IK2Z66UvnFLhGnMs/QBQIDAQABozIwMDASBgNVHRMBAf8ECDAGAQH/AgEAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAgEAiWlqVfSO093GUBOCEzlP7d5HRh3coZtMl/HPf0/evMfnzrqoDpPmMmdWb24tlVhVsE8l1ojr4b3WeHICkOyVGx5/SW1mDpbcZVbza3xwuwVQFvIAx49smZv4KdUM5lAGKTqVYxDogl7eZX+g9jwKMwxTXAOI3DJEjtg0inTk765crqkpPm6vGPKZy00Y5ydYXIePh+LjDLkPYk++1/KEJGGMBMcwywjhMQr3GAd9+uLXq6gO7Qf04HU0lkvHOSXIPfHkBc9+jbsPx8//WvLrYyK5w2UMawkWNYjWFy5XECljBsoFGPXsB6iSRzV/4X3AMIQyZozVpCgIh0YL+RSEjpx8HvDZXb6lCOSJigu5uUViRuExYc5a2RHqH3Vic4up98272B/5peqY/zilpL3bbBZHdJkEVxlzNPExkdwAhE6e/f4uMP3VI86XRysTP/FBb+0MCyeu2d6nikh/RFk/zRiXfyMWWVbUivnkc9jGkgbOshc1UE/G3xscBU0Wr36EJh42G95Vu15OicGOB2ULgy9hSapt3svYEYenVFG7ZEINePGtVwETGEDz6rCuXiteomfO1SE3Pa8oF6okEb/U3oENxRsPo1rfZoKtB1ZokMPYR5D2JnqUZgp0YFuKWj2estGf/D45RgV6himhOxejNJstcl4SdI7yPOQFbnHtMrU=</X509Certificate>
                </X509Data>
            </KeyInfo>
            <EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm">
                <DigestMethod></DigestMethod>
            </EncryptionMethod>
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
                <DigestMethod></DigestMethod>
            </EncryptionMethod>
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc">
                <DigestMethod></DigestMethod>
            </EncryptionMethod>
        </KeyDescriptor>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8000/login/sso/saml" index="1"></AssertionConsumerService>
    </SPSSODescriptor>
</EntityDescriptor>

      As suspected @dan the Format is an empty string <samlp:NameIDPolicy AllowCreate="true" Format="" /> I would want to check with mattermost if there is a way of setting the format in a way. Thanks a lot

      posted in General Discussion
      M
      misterjoj
    • RE: SAML SSO for Mattermost using FusionAuth

      thanks , I will do just that

      Best Regards,

      posted in General Discussion
      M
      misterjoj