I'm trying to use the python-saml toolkit (or part of the code in it) in my project but I'm having some problems I will try to address in this question. In my local machine (ubuntu 18.04) I got everything up and running but when it comes to install it in a centOS machine I had several problems. The release I'm using (have to use) is CentOS 6.8. I built all the rpm packages I needed (dependencies) and installed them. I get the error I'm stuc with, "failed to load certificate", in the following line of the python-saml code:
sign_key.loadCert(file_cert.name, xmlsec.KeyDataFormatCertPem)
This loadCert function is part of the dm.xmlsec.binding package. So I checked this function and this is it:
def loadCert(self, char *filename, xmlSecKeyDataFormat key_data_format):
"""load certificate of *key_data_format* from *filename*."""
cdef int rv
with nogil:
rv = xmlSecCryptoAppKeyCertLoad(self.key, filename, key_data_format)
if rv < 0:
raise Error("failed to load certificate", filename, rv)
Well, I guess the problem only can be in "xmlSecCryptoAppKeyCertLoad", so I checked this function which belongs to XMLSEC library and is defined as:
int xmlSecCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad == NULL)) {
xmlSecNotImplementedError("cryptoAppKeyCertLoad");
return(-1);
}
return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad(key, filename, format));
}
The arguments of the function "loadCert" are correct, the right cert file name and the right format. I tried it manually in command line and I got the same error (in the centOS machine only, everything alright in my Ubuntu).
Any idea of what can be the problem? I will have to understand what is happening somehow but if someone could help it would be great.
Thanks in advance!
Not important for the question but just in case can be helpful to someone else, I had problems installing dm.xmlsec.binding in red hat machines and I solved it by building the package following what is describing in https://github.com/onelogin/python-saml/issues/30, what means updating the /usr/bin/xmlsec1-config file to contain "-DXMLSEC_NO_SIZE_T" in "--cflags".
I solved it by loading the cert from memory instead of loading it from file. Still, don't really know why loading from file does not work in centOS 6.8 (or didn't work for me)