在此响应中未找到有效的 SubjectConfirmation,laravel 和 saml2

A valid SubjectConfirmation was not found on this Response, laravel and saml2

过去几天我一直在努力弄清楚为什么我从 IdP 得到的响应被我正在使用的包拒绝了。我正在使用这个 https://github.com/aacotroneo/laravel-saml2 这是我得到的回复:

    xml: """
  <?xml version="1.0"?>
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" ID="vDJfB_2Fr9fGfh9izuYf6pSoE6q" IssueInstant="2020-11-04T08:55:23.144Z" InResp ▶
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">idP</saml:Issuer>
    <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="kle-id.i4AcYYOSNJEX0biJ1lhh" IssueInstant="2020-11-04T08:55:23.302Z" Version="2.0">
      <saml:Issuer>idP</saml:Issuer>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#kle-id.i4AcYYOSNJEX0biJ1lhh">
  <ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <ds:DigestValue>Bm0ARLP+duLFtM0UwVkXYr+W9PRSYYuW4sv0rzQsGlI=</ds:DigestValue>
  </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>
  RlvQm/VDU13e1oFU+y/0wr//bA6blrYBQER+57/hHq+SBRPDJl8hpEXnLaiv5AAEtzVteJrlhgc+
  9YbTg8478l8hmBfVZVzlIa0POypWrNA8lwzhwDRAsQtbxypY3RPwKW0SSs6kq0K0EduxecG4grcl
  1lWEpTRBtdv/NqVg6w8swSQzMXXf0GKjmqeagAqm3HeA6nSNc2T02ChwQ/78OZEbZjDaKj2Rqv2Y
  1zqf/xyM2QZES3IlVfA5yekoJfG81sZYn5s+RiTsqFjAMvKrBsaPbEMZoT3ZcFQLY+/b08cTxCEM
  RirLXRp86rAHhqps0+y1j9eFg0HWdvTO/3Ss0w==
  </ds:SignatureValue>
  <ds:KeyInfo>
  <ds:X509Data>
  <ds:X509Certificate>
  DELETED FOR PRIVACY REASONS
  </ds:X509Certificate>
  </ds:X509Data>
  <ds:KeyValue>
  <ds:RSAKeyValue>
  <ds:Modulus>
  DELETED
  </ds:Modulus>
  <ds:Exponent>AQAB</ds:Exponent>
  </ds:RSAKeyValue>
  </ds:KeyValue>
  </ds:KeyInfo>
  </ds:Signature>
      <saml:Subject>
        <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">DELETED FOR PRIVACY REASONS</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          <saml:SubjectConfirmationData Recipient="DELETED FOR PRIVACY REASONS" NotOnOrAfter="2020-11-04T09:00:23.305Z" InResponseTo="ONELOGIN_6134c96d0e247a491cc1a83286b4226c2d30004a"
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2020-11-04T08:50:23.305Z" NotOnOrAfter="2020-11-04T09:00:23.305Z">
        <saml:AudienceRestriction>
          <saml:Audience>DELETED FOR PRIVACY REASONS</saml:Audience>
        </saml:AudienceRestriction>
      </saml:Conditions>
      <saml:AuthnStatement SessionIndex="kle-id.i4AcYYOSNJEX0biJ1lhh" AuthnInstant="2020-11-04T08:36:22.912Z">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
        </saml:AuthnContext>
      </saml:AuthnStatement>
    </saml:Assertion>
  </samlp:Response>
  """

我不确定发生了什么,但我一直在跟踪验证,在我看来,在 OneLogin\Saml2\Response.php[=] 第 359 行检查 NotBefore 属性后,它拒绝了此响应13=]

谁能帮我弄清楚这到底是怎么回事? idp 来自 PingFederate

通过查看响应中的 NotBefore 和 NotOnOrAfter 时间戳,Ping 设置为 5 分钟的时钟偏差,即 normal/default。

没有更具体的错误消息,如果您的 SP 抱怨 NotBefore,则听起来 IDP 服务器 (PF) 和您的 SP 应用程序之间存在时钟漂移问题。确保两台服务器在 OS 设置中不仅具有正确的时间,而且具有正确的时区。您可能需要重新启动 PF 才能pick-up 对系统时间进行任何更改(如果您进行了任何更改)。