For VMware vSphere 6.7.0.4600, the get_idp_cert() function returns the first instance of bytes found that it thinks are a private key. I do see you perform a check_key_valid() to check if it's a true cert or not. But unfortunately, these false positives pass the check.
Consequently, the private key is invalid and the SAML assertion cannot be signed.

A quick fix to address the issue was to comment out line 135 (which returns the key) and instead write all possible keys to separate files.

Then with each key, I ran openssl rsa -noout -text -in $keyname to check if the key was valid or not. Out of the 100+ possible private keys extracted by get_idp_cert(), one eventually was found to be correct. This key was then manually fed into sign_assertion().

I'm sure there's a better way to address this. But it was the fix that worked for me at the time.