fleet/server/sso/testdata/missing_assertion.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost:8080/api/v1/kolide/sso/callback" ID="_83579a9008ef726f87c52aad4b6dcc04" InResponseTo="SGJhi1g5D4/npOwXaw8t6A==" IssueInstant="2017-07-18T14:47:08.035Z" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://accounts.google.com/o/saml2?idpid=C0171bstf</saml2:Issuer>
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
</saml2p:Response>
Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) For https://github.com/fleetdm/confidential/issues/9931. [Here](https://github.com/fleetdm/fleet/blob/ec3e8edbdc3f1b4220ada22c8290dbf0237ce1ba/docs/Contributing/Testing-and-local-development.md?plain=1#L339)'s how to test SAML locally with SimpleSAML. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Improved SSO and SAML integration with enhanced session management using secure cookies. * Added support for IdP-initiated login flows. * Introduced new tests covering SSO login flows, metadata handling, and error scenarios. * Bug Fixes * Enhanced validation and error handling for invalid or tampered SAML responses. * Fixed session cookie handling during SSO and Apple MDM SSO flows. * Refactor * Replaced custom SAML implementation with the crewjam/saml library for improved reliability. * Simplified SAML metadata parsing and session store management. * Streamlined SSO authorization request and response processing. * Removed deprecated fields and redundant code related to SSO. * Documentation * Updated testing and local development docs with clearer instructions for SSO and IdP-initiated login. * Chores * Upgraded dependencies including crewjam/saml and related packages. * Cleaned up tests and configuration by removing deprecated fields and unused imports. <!-- end of auto-generated comment: release notes by coderabbit.ai --> 2025-07-07 18:13:46 +00:00			`<?xml version="1.0" encoding="UTF-8" standalone="no"?>`
			`<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://localhost:8080/api/v1/kolide/sso/callback" ID="_83579a9008ef726f87c52aad4b6dcc04" InResponseTo="SGJhi1g5D4/npOwXaw8t6A==" IssueInstant="2017-07-18T14:47:08.035Z" Version="2.0">`
			`<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://accounts.google.com/o/saml2?idpid=C0171bstf</saml2:Issuer>`
			`<saml2p:Status>`
			`<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>`
			`</saml2p:Status>`
			`</saml2p:Response>`