
Invalid assertion for SAML 2.0 Bearer Assertion for SalesForce.com

I am trying to do "SAML 2.0 Bearer Assertion for SalesForce".

I am getting {"error":"invalid_grant","error_description":"invalid assertion"}.

Is there any way to validate a bearer assertion at Salesforce?

I did the following in my code:

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.codec.binary.Base64;

String environment = "https://login.salesforce.com/services/oauth2/token";
HttpClient httpclient = new HttpClient();
PostMethod post = new PostMethod(environment);
post.addParameter("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
post.addParameter("client_id", "3MVG9Y6d_Btp4xp7hhxW8OtuTagu9IvM6pZ9WwW6ODSVU.4Qp8vV0XB2i0sQ0mfVWCopKNdHkJqxE16Eeonz_");
post.addParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:saml2-bearer");
// samlResponse holds the signed assertion XML shown below
post.addParameter("client_assertion", Base64.encodeBase64String(samlResponse.getBytes("UTF-8")));
int status = httpclient.executeMethod(post);
String body = post.getResponseBodyAsString();

The generated Assertion XML is:

<Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2a6a5c4dd18e257c56c4d17b1d894ea8d23151fd6" IssueInstant="2012-03-13T10:25:44Z" Version="2.0">
  <Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">3MVG9Y6d_Btp4xp7hhxW8OtuTagu9IvM6pZ9WwW6ODSVU.4Qp8vV0XB2i0sQ0mfVWCopKNdHkJqxE16Eeonz_</Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    ........
  </ds:Signature>
  <Subject>
    <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">deepak.mule@vertex.co.in</NameID>
    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <SubjectConfirmationData NotOnOrAfter="2012-03-13T10:26:44Z" Recipient="https://login.salesforce.com/services/oauth2/token"/>
    </SubjectConfirmation>
  </Subject>
  <Conditions>
    <AudienceRestriction>
      <Audience>https://saml.salesforce.com</Audience>
    </AudienceRestriction>
  </Conditions>
  <AuthnStatement AuthnInstant="2012-03-13T10:25:44Z">
    <AuthnContext>
      <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</AuthnContextClassRef>
    </AuthnContext>
  </AuthnStatement>
</Assertion>


Is there anything missing?
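A local pre-flight check of the assertion before it is posted, added here as an example and not part of the original post: it checks the root element's namespace, the Issuer against the client_id sent in the POST, the bearer confirmation method, Recipient, NotOnOrAfter and Audience against the values the post uses. The sample assertion, the CLIENT_ID placeholder and the helper names are constructed for this example, and the XML signature itself is not verified.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
CLIENT_ID = "CONSUMER_KEY_PLACEHOLDER"  # placeholder, not the consumer key from the post
def first_named(root, name):  # first element with this local name, in any namespace
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)
def parse_utc(stamp):  # parse the "2012-03-13T10:26:44Z" form used in the assertion
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
def preflight_check(assertion_xml, client_id, token_url, now):
    """Return the problems found (empty list = all checks passed); the XML signature is not verified."""
    problems = []
    root = ET.fromstring(assertion_xml)
    # Root must be <Assertion> in the SAML 2.0 namespace; an unprefixed <Assertion> that only declares xmlns:saml is in no namespace.
    if root.tag != "{%s}Assertion" % SAML_NS:
        problems.append("root element %r is not in the SAML 2.0 namespace" % root.tag)
    issuer = first_named(root, "Issuer")
    if issuer is None or (issuer.text or "").strip() != client_id:
        problems.append("Issuer does not equal the client_id sent in the POST")
    sig = first_named(root, "Signature")
    if sig is None or sig.tag != "{%s}Signature" % DSIG_NS:
        problems.append("no ds:Signature element present")
    conf = first_named(root, "SubjectConfirmation")
    if conf is None or conf.get("Method") != BEARER:
        problems.append("SubjectConfirmation Method is not the bearer method")
    data = first_named(root, "SubjectConfirmationData")
    if data is None or data.get("Recipient") != token_url:
        problems.append("Recipient is not the token endpoint")
    try:
        if now >= parse_utc(data.get("NotOnOrAfter")):
            problems.append("assertion is past NotOnOrAfter=%s" % data.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        problems.append("NotOnOrAfter missing or not a UTC timestamp")
    aud = first_named(root, "Audience")
    if aud is None or (aud.text or "").strip() != "https://saml.salesforce.com":
        problems.append("Audience is not https://saml.salesforce.com")
    return problems

# Constructed sample shaped like the assertion in the post (signature body elided, root unprefixed).
SAMPLE = (
    '<Assertion xmlns:saml="%s" ID="_1" IssueInstant="2012-03-13T10:25:44Z" Version="2.0">'
    '<Issuer>%s</Issuer><ds:Signature xmlns:ds="%s"><ds:SignedInfo/></ds:Signature><Subject>'
    '<NameID>user@example.com</NameID><SubjectConfirmation Method="%s"><SubjectConfirmationData'
    ' NotOnOrAfter="2012-03-13T10:26:44Z" Recipient="%s"/></SubjectConfirmation></Subject>'
    '<Conditions><AudienceRestriction><Audience>https://saml.salesforce.com</Audience></AudienceRestriction></Conditions></Assertion>') % (SAML_NS, CLIENT_ID, DSIG_NS, BEARER, TOKEN_URL)
# The same assertion with the SAML namespace made the default namespace of the root.
FIXED = SAMPLE.replace('xmlns:saml="%s"' % SAML_NS, 'xmlns="%s"' % SAML_NS, 1)
```

Run with a clock value inside the one-minute validity window the post's assertion uses; against the real current time the NotOnOrAfter check fires, which is exactly what happens for a stale assertion.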