From 211f403dbcfbf5ab75dd4b189501e0068de891d1 Mon Sep 17 00:00:00 2001 From: Daniel Romischer Date: Sun, 25 Jan 2026 11:38:48 -0500 Subject: [PATCH] checking in my saml aws google stuff keeping for later --- .DS_Store | Bin 10244 -> 10244 bytes aws_google_saml/.DS_Store | Bin 0 -> 6148 bytes ...4_13-041_d-90661c455f_sp_saml_metadata.xml | 1 + ...4_13-045_d-90661c455f_sp_saml_metadata.xml | 1 + aws_google_saml/GoogleIDPMetadata (1).xml | 29 +++++++ aws_google_saml/GoogleIDPMetadata (2).xml | 29 +++++++ aws_google_saml/GoogleIDPMetadata (3).xml | 29 +++++++ aws_google_saml/GoogleIDPMetadata.xml | 29 +++++++ aws_google_saml/GoogleWorkspace.xml | 15 ++++ aws_google_saml/cert.b64 | 1 + aws_google_saml/google_cert.pem | 21 +++++ aws_google_saml/inspect_saml.py | 81 ++++++++++++++++++ aws_google_saml/saml-response.xml | 74 ++++++++++++++++ 13 files changed, 310 insertions(+) create mode 100644 aws_google_saml/.DS_Store create mode 100644 aws_google_saml/2026-0-24_13-041_d-90661c455f_sp_saml_metadata.xml create mode 100644 aws_google_saml/2026-0-24_13-045_d-90661c455f_sp_saml_metadata.xml create mode 100644 aws_google_saml/GoogleIDPMetadata (1).xml create mode 100644 aws_google_saml/GoogleIDPMetadata (2).xml create mode 100644 aws_google_saml/GoogleIDPMetadata (3).xml create mode 100644 aws_google_saml/GoogleIDPMetadata.xml create mode 100644 aws_google_saml/GoogleWorkspace.xml create mode 100644 aws_google_saml/cert.b64 create mode 100644 aws_google_saml/google_cert.pem create mode 100644 aws_google_saml/inspect_saml.py create mode 100644 aws_google_saml/saml-response.xml 
diff --git a/.DS_Store b/.DS_Store index ee7b57b593849fc5d0dd523b49ba6b1d73774e7b..f0090ff608841a9e5fbc1e9c0e97dad726ed94db 100644 GIT binary patch delta 525 zcmZn(XbG6$&nUk!U^hRb{AM13az=T6hD3&PhGK?zhIEE}AWUb-VMqn?ih<&}3^|jR z3Ce2|P?J<%T#%HLpTxkxuxoOlWTB>1b+xgHiH?Gyv5|4DjzYDep|OFEg1MDjHw;eB&n*C|gaHCNa`RnWpl;&mp7uk?e)4fg zpjIrpoRGbno1a3YHe_9sH%bT-3Z$~&qP(2^ymX)=7$-LfnoQ;v72JGO(4Bd*l%&9B z8PUJYOiWCZr6o-n;bCZIY6J{JLrWuqVaV7!`K^T9WGyMv&FsR)j7&udlWjzbCbP-J eOjZ{V*jQG?xS3ty7t7|mLi$V~`zFhX9svMK2ZL|` delta 123 zcmV->0EGX9P=rvBPXQRQP`eKS7_$rzcL9^r6eE+$6Al6Zva{L~Rs)mS6A-gN7ySd1 zFBcJ$P8%kZXcu)CGcYqYEFdv6HaLAOAbT+}GcYV5H8VAn^cORe6dN0pO&m3|c^Ibw dlPMltlRg^|v38XMvj-sh1e4Aa8?!(c=mKDpCdvQ+ diff --git a/aws_google_saml/.DS_Store b/aws_google_saml/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..068a30e3b8a94db074a53b3a3424053b7c76f35a GIT binary patch literal 6148 zcmeHK%Sr<=6g|-{iY{6aL3e{IU9_~d3hstdkuC(mg-dPiSj5&!RnXmhgWuuGPx43f z+?znB(W4S9k_I1AmPHIlDE63gaHn?)dyxv7_ZWsyxkI=J(mU$56!uPxvmwC0p)rt7#hp z^qCtV!ads5Xe*ZSC@ro2@S@Wnb~v6~HVww|y9#rk&tdl)=J1-DL!Rr3FygGs=y09& z$vKh5-4j1J9O>#J| z#oA1Zqc2+AnQ8GYWpQneRcEeNJ?16hF{=}nPRZp6*XoUJ-HB`~vgb)F1zh1qwIXWW zCp@`KzkW*Xp?E-2dxe_T?@Js#QaeMn7iI665idwuVDZ<4Z?;HY?f@^I0ndPEAjyE- z4*{cK=rFdZR|gY$f}}ksD8jrv?}CBD&|z$mEfix_iB{FPUkqc_Ss%E5p~KjsRfo}$ zX~&Ih+#ib3(ODm8cbL$kPdx*kfk_4yZLuit|H174|4AiZ@(g$e{uKiz*F0%9xFq+s yPAyK}+JNz#QAGO17FC6bdyX|DPw_gV3flt75JQKtMb=RKhk(-H6VJepGVlTZzSi*o literal 0 HcmV?d00001 diff --git a/aws_google_saml/2026-0-24_13-041_d-90661c455f_sp_saml_metadata.xml b/aws_google_saml/2026-0-24_13-041_d-90661c455f_sp_saml_metadata.xml new file mode 100644 index 0000000..0c1a990 --- /dev/null +++ b/aws_google_saml/2026-0-24_13-041_d-90661c455f_sp_saml_metadata.xml @@ -0,0 +1 @@ +urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress \ No newline at end of file 
diff --git a/aws_google_saml/2026-0-24_13-045_d-90661c455f_sp_saml_metadata.xml b/aws_google_saml/2026-0-24_13-045_d-90661c455f_sp_saml_metadata.xml new file mode 100644 index 0000000..0c1a990 --- /dev/null +++ b/aws_google_saml/2026-0-24_13-045_d-90661c455f_sp_saml_metadata.xml @@ -0,0 +1 @@ +urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress \ No newline at end of file diff --git a/aws_google_saml/GoogleIDPMetadata (1).xml b/aws_google_saml/GoogleIDPMetadata (1).xml new file mode 100644 index 0000000..597f1c2 --- /dev/null +++ b/aws_google_saml/GoogleIDPMetadata (1).xml @@ -0,0 +1,29 @@ + + + + + + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ +bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv +b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 +MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m +VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk +B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q +Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW +VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 +OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND +SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ +AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz +iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + 
diff --git a/aws_google_saml/GoogleIDPMetadata (2).xml b/aws_google_saml/GoogleIDPMetadata (2).xml new file mode 100644 index 0000000..597f1c2 --- /dev/null +++ b/aws_google_saml/GoogleIDPMetadata (2).xml @@ -0,0 +1,29 @@ + + + + + + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ +bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv +b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 +MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m +VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk +B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q +Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW +VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 +OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND +SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ +AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz +iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + diff --git a/aws_google_saml/GoogleIDPMetadata (3).xml b/aws_google_saml/GoogleIDPMetadata (3).xml new file mode 100644 index 0000000..597f1c2 --- /dev/null +++ b/aws_google_saml/GoogleIDPMetadata (3).xml 
@@ -0,0 +1,29 @@ + + + + + + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ +bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv +b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 +MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m +VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk +B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q +Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW +VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 +OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND +SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ +AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz +iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + diff --git a/aws_google_saml/GoogleIDPMetadata.xml b/aws_google_saml/GoogleIDPMetadata.xml new file mode 100644 index 0000000..597f1c2 --- /dev/null +++ b/aws_google_saml/GoogleIDPMetadata.xml 
@@ -0,0 +1,29 @@ + + + + + + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ +bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv +b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 +MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m +VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk +B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q +Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW +VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 +OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND +SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ +AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz +iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + diff --git a/aws_google_saml/GoogleWorkspace.xml b/aws_google_saml/GoogleWorkspace.xml new file mode 100644 index 0000000..5c5c92b --- /dev/null +++ b/aws_google_saml/GoogleWorkspace.xml 
@@ -0,0 +1,15 @@ + + + + + + + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + + \ No newline at end of file diff --git a/aws_google_saml/cert.b64 b/aws_google_saml/cert.b64 new file mode 100644 index 0000000..b7fd762 --- /dev/null +++ b/aws_google_saml/cert.b64 
@@ -0,0 +1 @@ +MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ\nbmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv\nb2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3\nMTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN\nTW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx\nCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m\nVgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk\nB9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q\nLyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW\nVU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA\nA4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0\nOyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND\nSSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+\nAC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz\niFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL diff --git a/aws_google_saml/google_cert.pem b/aws_google_saml/google_cert.pem new file mode 100644 index 0000000..a55c4d6 --- /dev/null +++ b/aws_google_saml/google_cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoT +C0dvb2dsZSBJbmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZH +b29nbGUxGDAWBgNVBAsTD0dvb2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzAR +BgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3MTcxMTA1WhcNMjkwNjE2MTcxMTA1 +WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMNTW91bnRhaW4gVmll +dzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfA +ZRwlbnP7FjBDUuzcZ69mVgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOP +U99AF2uFvKN9nUgey4SyNd+f/VVvFHfkB9sjkYYcfOwYXnDylNBTAJJRdhBB3xTt +BdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9QLyhl9qah6B07DcmHIgKD +tqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlWVU6NRJkz +Q8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEB +CwUAA4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/ +l1f7cDt1018SIzO0OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG +63RilFYiE5nn/jTdu9A1I4WwgVNDSSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u0 +0h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+AC5OdBm53LSRwB+NH++SV9Ta +NqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbziFyI0D6oarxH +qk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL +-----END CERTIFICATE----- diff --git a/aws_google_saml/inspect_saml.py b/aws_google_saml/inspect_saml.py new file mode 100644 index 0000000..c454c46 --- /dev/null +++ b/aws_google_saml/inspect_saml.py 
@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+import sys, subprocess
+from xml.etree import ElementTree as ET
+
+fn = "saml-response.xml"
+ns = {
+ 'p': 'urn:oasis:names:tc:SAML:2.0:protocol',
+ 's': 'urn:oasis:names:tc:SAML:2.0:assertion',
+ 'ds': 'http://www.w3.org/2000/09/xmldsig#'
+}
+
+try:
+ root = ET.parse(fn).getroot()
+except Exception as e:
+ print("ERROR: cannot parse saml-response.xml:", e)
+ sys.exit(1)
+
+def find_text(path, default=""):
+ el = root.find(path, ns)
+ return el.text.strip() if el is not None and el.text else default
+
+# Status (StatusCode Value attribute)
+status_el = root.find('.//p:Status/p:StatusCode', ns)
+status = status_el.get('Value') if status_el is not None else ""
+print("Status: " + status)
+
+# NameID
+nameid = find_text('.//s:NameID')
+print("Name: " + nameid)
+
+# Audience
+aud = find_text('.//s:Audience')
+print("Audience: " + aud)
+
+# Recipient (SubjectConfirmationData @Recipient)
+rec_el = root.find('.//s:Subject/s:SubjectConfirmation/s:SubjectConfirmationData', ns)
+recipient = rec_el.get('Recipient') if rec_el is not None else ""
+print("Recipient: " + recipient)
+
+# Extract cert and write PEM with proper line breaks
+cert_el = root.find('.//ds:X509Certificate', ns)
+if cert_el is None or not cert_el.text or not cert_el.text.strip():
+ print("no-cert-found")
+ sys.exit(0)
+
+b64 = "".join(cert_el.text.split())
+pem = "-----BEGIN CERTIFICATE-----\n"
+# wrap at 64 chars per line
+for i in range(0, len(b64), 64):
+ pem += b64[i:i+64] + "\n"
+pem += "-----END CERTIFICATE-----\n"
+
+with open("google_cert.pem", "w") as f:
+ f.write(pem)
+
+# Try to print openssl fingerprint
+try:
+ out = subprocess.check_output(['openssl','x509','-in','google_cert.pem','-noout','-fingerprint','-sha256'], stderr=subprocess.STDOUT)
+ print(out.decode().strip())
+except Exception as e:
+ print("openssl-not-available-or-error")
+
+# Print all Attribute values for AWS Role and RoleSessionName
+role_attr = root.find('.//s:Attribute[@Name="https://aws.amazon.com/SAML/Attributes/Role"]', ns)
+if role_attr is not None:
+ vals = [v.text.strip() for v in role_attr.findall('.//s:AttributeValue', ns) if v.text]
+ for v in vals:
+ print("ROLE_ATTRIBUTE_VALUE: " + v)
+else:
+ print("ROLE_ATTRIBUTE_VALUE: not-present")
+
+role_session_attr = root.find('.//s:Attribute[@Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName"]', ns)
+if role_session_attr is not None:
+ vals = [v.text.strip() for v in role_session_attr.findall('.//s:AttributeValue', ns) if v.text]
+ for v in vals:
+ print("ROLE_SESSION_NAME_VALUE: " + v)
+else:
+ print("ROLE_SESSION_NAME_VALUE: not-present")
+
+
+
diff --git a/aws_google_saml/saml-response.xml b/aws_google_saml/saml-response.xml
new file mode 100644
index 0000000..d53bbb9
--- /dev/null
+++ b/aws_google_saml/saml-response.xml
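Review bot: The certificate written by `with open("google_cert.pem", "w")` is taken from the response's own `ds:X509Certificate` element, so the SHA-256 fingerprint printed afterwards only reports what the document says about itself, and the write replaces the `google_cert.pem` that this same commit checks in as the IdP certificate. Nothing in the script verifies the XML signature, so Status, NameID, Audience, Recipient and the Role values are printed from an unverified document, and each `root.find` returns only the first match for its path. I would write the extracted certificate to a separate file, e.g. `with open("response_cert.pem", "w") as f:` with the matching `'-in','response_cert.pem'` argument, and compare its fingerprint with the one from the certificate in the IdP metadata. A header comment such as `# Inspection only: does not verify the signature; treat every printed value as unverified.` would make that limit explicit, and the `except Exception as e:` around the openssl call should print `e` instead of discarding it.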
@@ -0,0 +1,74 @@ + + + https://accounts.google.com/o/saml2?idpid=C00s6b4ae + + + + + + + + + + + PEMJNGR9h6N+Ae6z0r6t+hOe7KHZZaArBcruvXIvN/s= + + + cr95LXs4vcEet3QLpPwTzqvz/eXFN8padmt2vcHb2MM20QCyzqeZJKCU6OUAn+GqIm6xuYjYPJ7w +iV2F9eVtJ9vpH3RK0lMRUpMHhH0Wl9w7GUtfVNQ9SEy4TqbmatmKNLL7SRDkCf/qKD95piH4Cz1x +/tnZj1QNv4SeufUP5oPzL/86KuNOKFYDdr78ANMwi0Y4jrqbiwpta3z4h5tTbB/OuIfS8Ccrj7up +Ha1+lWS5m4EOWfte44/pyMpjrHhDh9PoWeq6fI8i+4INfo5i3D0s8K0ZO7g5cyotM3wGdnVYZ8z0 +9wwK25rqEuXSKwLImqxZbpEpAuENrs6RjVRcuA== + + + ST=California,C=US,OU=Google For Work,CN=Google,L=Mountain View,O=Google Inc. + MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ +bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv +b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3 +MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN +TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m +VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk +B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q +Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW +VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA +A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0 +OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND +SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+ +AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz +iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL + + + + + + + + https://accounts.google.com/o/saml2?idpid=C00s6b4ae + + daniel@ideastoaction.com + + + + + + + urn:amazon:webservices + + + + + 
arn:aws:iam::572029606692:role/ITAAdmin,arn:aws:iam::572029606692:saml-provider/GoogleWorkspace + + + daniel@ideastoaction.com + + + + + urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified + + + +
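Review bot: This file looks like a captured live SAML response rather than a test fixture: the text nodes that remain visible include a signature value, the subject's e-mail address, the IdP id in the issuer URL, and the AWS account id together with the role and SAML-provider ARNs. The XML tags are not visible on this page, so the assertion's validity window cannot be checked from here; even if it has expired, these identifiers stay in the repository history once the commit is pushed. I would keep captured responses out of version control (an ignore rule for `aws_google_saml/saml-response.xml`, and for `.DS_Store`) and, if `inspect_saml.py` needs sample input, commit a redacted file with placeholder values such as `arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>`.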