checking in my saml aws google stuff

keeping for later
2026-01-25 11:38:48 -05:00
parent 140be5aeca
commit 211f403dbc
13 changed files with 310 additions and 0 deletions
--- a/aws_google_saml/saml-response.xml
+++ b/aws_google_saml/saml-response.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://signin.aws.amazon.com/saml" ID="_89fb5e312a1495806d900d04e80dfc7a" IssueInstant="2026-01-25T01:48:31.904Z" Version="2.0">
+    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://accounts.google.com/o/saml2?idpid=C00s6b4ae</saml2:Issuer>
+    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:SignedInfo>
+            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+            <ds:Reference URI="#_89fb5e312a1495806d900d04e80dfc7a">
+                <ds:Transforms>
+                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                </ds:Transforms>
+                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                <ds:DigestValue>PEMJNGR9h6N+Ae6z0r6t+hOe7KHZZaArBcruvXIvN/s=</ds:DigestValue>
+            </ds:Reference>
+        </ds:SignedInfo>
+        <ds:SignatureValue>cr95LXs4vcEet3QLpPwTzqvz/eXFN8padmt2vcHb2MM20QCyzqeZJKCU6OUAn+GqIm6xuYjYPJ7w
+iV2F9eVtJ9vpH3RK0lMRUpMHhH0Wl9w7GUtfVNQ9SEy4TqbmatmKNLL7SRDkCf/qKD95piH4Cz1x
+/tnZj1QNv4SeufUP5oPzL/86KuNOKFYDdr78ANMwi0Y4jrqbiwpta3z4h5tTbB/OuIfS8Ccrj7up
+Ha1+lWS5m4EOWfte44/pyMpjrHhDh9PoWeq6fI8i+4INfo5i3D0s8K0ZO7g5cyotM3wGdnVYZ8z0
+9wwK25rqEuXSKwLImqxZbpEpAuENrs6RjVRcuA==</ds:SignatureValue>
+        <ds:KeyInfo>
+            <ds:X509Data>
+                <ds:X509SubjectName>ST=California,C=US,OU=Google For Work,CN=Google,L=Mountain View,O=Google Inc.</ds:X509SubjectName>
+                <ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAZAnLlJYMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
+bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
+b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjQwNjE3
+MTcxMTA1WhcNMjkwNjE2MTcxMTA1WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
+TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwtQfziZzGOKbUVp4NeEypAzgDVqFu/NdMzxk/XCkHlfAZRwlbnP7FjBDUuzcZ69m
+VgeX827UQjutKN33LZWvMPnXhWaPsMUDrWQHSK0KTrOPU99AF2uFvKN9nUgey4SyNd+f/VVvFHfk
+B9sjkYYcfOwYXnDylNBTAJJRdhBB3xTtBdIMKP+bGsEPnCFMMeni8l92VhK035k/lGdvJCmP/+9Q
+Lyhl9qah6B07DcmHIgKDtqDL9wxoI0ZzmOIpvfPDyNxaHMeznJ+2l7BhkHchhQsqsXmchwcf8RlW
+VU6NRJkzQ8c3NDHEf1BiujeBHtyu7R0lQxrXJjJeHOnTnoUxxwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQAqyG0fwJ/Enn5xy3aeCR2LFLzinZZXxfb0MKjesUFfdctpNI5le6h/l1f7cDt1018SIzO0
+OyLo4AZEm5SGn4/ZMvOlDrnOiR9epa/xSLlk372HMCfpRMzG63RilFYiE5nn/jTdu9A1I4WwgVND
+SSt0a36IW43Zsx4ZRqG1tRZmf5uVKanKF2u00h80wXniS837u7mX+AH/GItyqK8xW4+u9LVuWsC+
+AC5OdBm53LSRwB+NH++SV9TaNqmsOQTsBYWcmv1L26d5ni/J5I1YI002dO7rBIxzURxdcHcPwxbz
+iFyI0D6oarxHqk+IsrrMoq0OaDQvyhRPXCtxnYtMGvfL</ds:X509Certificate>
+            </ds:X509Data>
+        </ds:KeyInfo>
+    </ds:Signature>
+    <saml2p:Status>
+        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </saml2p:Status>
+    <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_e3ecb300f17b392f4efab5f369b529d2" IssueInstant="2026-01-25T01:48:31.904Z" Version="2.0">
+        <saml2:Issuer>https://accounts.google.com/o/saml2?idpid=C00s6b4ae</saml2:Issuer>
+        <saml2:Subject>
+            <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">daniel@ideastoaction.com</saml2:NameID>
+            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <saml2:SubjectConfirmationData NotOnOrAfter="2026-01-25T01:53:31.904Z" Recipient="https://signin.aws.amazon.com/saml"/>
+            </saml2:SubjectConfirmation>
+        </saml2:Subject>
+        <saml2:Conditions NotBefore="2026-01-25T01:43:31.904Z" NotOnOrAfter="2026-01-25T01:53:31.904Z">
+            <saml2:AudienceRestriction>
+                <saml2:Audience>urn:amazon:webservices</saml2:Audience>
+            </saml2:AudienceRestriction>
+        </saml2:Conditions>
+        <saml2:AttributeStatement>
+            <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
+                <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:anyType">arn:aws:iam::572029606692:role/ITAAdmin,arn:aws:iam::572029606692:saml-provider/GoogleWorkspace</saml2:AttributeValue>
+            </saml2:Attribute>
+            <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
+                <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:anyType">daniel@ideastoaction.com</saml2:AttributeValue>
+            </saml2:Attribute>
+        </saml2:AttributeStatement>
+        <saml2:AuthnStatement AuthnInstant="2026-01-25T01:02:17.000Z" SessionIndex="_e3ecb300f17b392f4efab5f369b529d2">
+            <saml2:AuthnContext>
+                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
+            </saml2:AuthnContext>
+        </saml2:AuthnStatement>
+    </saml2:Assertion>
+</saml2p:Response>