Hi.
We was configured Azure how identity provider to GSuite accounts.
All flow works fine but the response that send Azure to Gsuite it's not good.
If i parse the response using a validation tool https://www.samltool.com/validate_response.php this return an error "Assertion signature validation failed" and the Google page said "G Suite - No se puede acceder a esta cuenta, porque las credenciales de acceso no se pudieron verificar."
Intercepting responses and analyze to verify the firms and apper that it's not valid and it's the origila response from Azure AD
Anyone can help us?
<samlp:Response
ID="_69410d22-d68c-4afb-a8a0-9fc92a1f2bc4"
Version="2.0"
IssueInstant="2021-02-23T18:50:56.097Z"
Destination="https://www.google.com/a/spacetechies.com/acs"
InResponseTo="knbbgbackfekoeapjfhmogkohhneidgjebjopfkb"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/be4b977f-ecf8-4f4f-ac70-97603e45242b/
</Issuer>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion
ID="_f8da8c12-46ba-4668-a4c0-30bf55010d00"
IssueInstant="2021-02-23T18:50:56.087Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://sts.windows.net/be4b977f-ecf8-4f4f-ac70-97603e45242b/</Issuer>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference
URI="#_f8da8c12-46ba-4668-a4c0-30bf55010d00">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>OsD6mvggYdWXqfOiX4Zdn+wVI3KBMJ13AAA+
m4oazC4=
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>azNBUtYk+PXSI+ALOZUqvM9s8euQqSrsnDjiFviP+kfqjCq2Erj/1NZNwCeaPSINtVvkqGnY4JMvj1zX4Optl0xYsRzQe80HSGJz4uulvc0ondOkdNDrOfO3UpIMTFTJYkm4np7vHH2lJts0Wc6z2P1OoAtZE/2sp0ZJikf0ALYIe/ndpV5S239kcEeKX4J97UEE/zx4nG1gAlKt9tl/TbzLjNpJFMraVlLrq38ZXVgUnZ6dH8qwHJHutCS7n3wpLKANpqAcHCRbdhADD3O3vNSRw1ZZ7b7xP5TAGmIyf4x5/
DBvvmE9jatcRyRDjZGFL3D8zu5980bOQdgAyjAfOg==
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIC8DCCAdigAwIBAgIQPqofNu+gc5ZFhlCJuONZIzANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yMTAyMjMxNzAxMDBaFw0yNDAyMjMxNzAwNDlaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRTtffGOW5vVFrSnUk1foJl67WSU+uNa06JOhGSLYx0Jtpe8HCIckt0MCxVuqR/XBLQRM29x+AiOIZydbAh/bikcr7G3PPQJVMAFZst8ug1zqtCtC/Kqj4BumMfr4shFhSPP6pXS30ZdEWjse7+lml5W+sObILmWSUJsS8u/NSRVWMKCnPXDs9WDopDZ9ISkhVuy+6vt/T+/Tm1rmfe3NCGY3xT7GHzWAeH9PB8hdPuu0oeArYa9C78oFoFpH9t62M/uEdMvOQEE2qlmRaY9Wt28hDBOf6v+MpSgUMjLS6i6e0o8jwFJywBw4Ibn6Gn3kTGWHUSF78TxuVYlN6x+VQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDKw9DHlJPh6Ua7NLsbaS6KFARdMQ8DMXQhdlLrdgFzulrkZDo1xs6j9CiZ+JMC93R7yAXdHEc+uSOBM/ZFgblmr1yNXCV/8aAoQEWZSlASZh6xJHDmnNprLRmb0hNguC1iPZWcOg9EhuL4X9i4pIjC62UkPNa0ljsgXPLWF2nSevDX5xGwryE0pI4EcJNlkQAx2X2BPyvarc4Mn8/SBG0/Te25aXEfWUUBPINx03cxJVKoXIhBvVUhVHmSRLxMg5L9zZGFmx+mv7BlMeVmHOPuWI/mvNm6LIa/3+Ooe3+eMczs6oTt3GrLIl20/ijLNTVv2PpE8RTZUba8tuUjsb+X</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">******@alumnos.spacetechies.com
</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
InResponseTo="knbbgbackfekoeapjfhmogkohhneidgjebjopfkb"
NotOnOrAfter="2021-02-23T19:50:54.504Z"
Recipient="https://www.google.com/a/spacetechies.com/acs"/>
</SubjectConfirmation>
</Subject>
<Conditions
NotBefore="2021-02-23T18:45:54.504Z"
NotOnOrAfter="2021-02-23T19:50:54.504Z">
<AudienceRestriction>
<Audience>google.com/a/spacetechies.com</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/tenantid">
<AttributeValue>be4b977f-ecf8-4f4f-ac70-97603e45242b</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
<AttributeValue>daf56ba2-f893-4a09-b0f3-ab54afdb90eb</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/displayname">
<AttributeValue>alumno alumno</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/identityprovider">
<AttributeValue>https://sts.windows.net/be4b977f-ecf8-4f4f-ac70-97603e45242b/</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/claims/authnmethodsreferences">
<AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>alumno</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>alumno</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>******@spacetechies.onmicrosoft.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>******@alumnos.spacetechies.com</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement
AuthnInstant="2021-02-23T18:50:51.511Z"
SessionIndex="_f8da8c12-46ba-4668-a4c0-30bf55010d00">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 84%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 12%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)