
OpenAM & SalesForce SAML Assertion problem

I have configured the OpenSSO-client.war SDK. Using it I am able to get a SAML assertion. But when I exchange this SAML assertion with SalesForce I get the following error message.

 

Auth response: {"error":"invalid_grant","error_URI":"https://na7.salesforce.comnull/setup/secur/SAMLValidationPage.apexp","error_description":"invalid assertion"}

 

When I validate the SAML assertion with SalesForce at https://deepak-developer-edition.my.salesforce.com/setup/secur/SAMLValidationPage.apexp I get this exception:

Unable to parse the response: Expect Root element is "Response"[saml:Assertion: null]

 

Do I need to convert this SAML assertion into a Response?


I have included the SAML assertion.

SAML assertion received by OpenAM from client SDK

 

<!--
  Assertion exactly as received from the OpenAM/OpenSSO STS and then sent to
  Salesforce. Review notes:
  - This is a bare saml:Assertion. The Salesforce validator reports
    "Expect Root element is Response", so the assertion has to be carried
    inside a samlp:Response with a Status element (compare the working
    response posted further down the thread).
  - The enveloped signature covers this assertion via its own ID
    (Reference URI="#uuid-..." matches the ID attribute below).
  - Signature and digest use SHA-1 (rsa-sha1 / sha1). Acceptable for a 2012
    sample, but SHA-1 is deprecated for XML-DSig; a current deployment should
    sign with rsa-sha256 and digest with sha256.
-->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="uuid-2f287f2d-4fea-47de-9253-669b48b8fc1f" IssueInstant="2012-02-20T06:05:48Z"
    Version="2.0">
    <!-- Issuer must equal the Issuer configured in the Salesforce SSO setting;
         presumably that is not "SunSTS" - confirm against the SP configuration. -->
    <saml:Issuer>SunSTS</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="#uuid-2f287f2d-4fea-47de-9253-669b48b8fc1f">
                <ds:Transforms>
                    <ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <ds:DigestValue>8OQUfcSQLKXiTi4LCBZamvK0xsk=
                </ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            My1X6YPsaO08LJIT+0symAQEWvhfZqFxUuiHwJSGOvWVoHWbPQ//z74+oiM7iAEZTHc20NaMhJkC
            jaek0bvd+HNV/n52FX3D0mw1mMvVxqKzVnAI/WNBUrvi5MJ5uSnRxEfW9pYdGnU6J4gF1ArbMZji
            McUZCpxdQ5YO/T5dWDo=
        </ds:SignatureValue>
        <ds:KeyInfo>
            <!-- Signing certificate. Salesforce verifies the signature against the
                 certificate uploaded in the SSO setting, so this certificate must be
                 the registered one - confirm which certificate was uploaded there. -->
            <ds:X509Data>
                <ds:X509Certificate>
                    MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
                    bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
                    ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
                    CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
                    BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
                    AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
                    RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
                    Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
                    QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
                    cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
                    /FfwWigmrW0Y0Q==
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
        <!-- NameID is a full LDAP DN. Salesforce maps NameID to a user (username or
             Federation ID, depending on the SSO setting); a DN is unlikely to match
             either - the working response uses a plain user identifier. -->
        <saml:NameID NameQualifier="SunSTS">id=deepakmule,ou=user,dc=opensso,dc=java,dc=net</saml:NameID>
        <!-- sender-vouches with an empty SubjectConfirmation: nothing here binds the
             assertion to its intended recipient (no Recipient, no NotOnOrAfter on the
             confirmation). The working response uses cm:bearer with a
             SubjectConfirmationData carrying both, which is what lets the SP check
             that the token was minted for it. -->
        <saml:SubjectConfirmation
            Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
        </saml:SubjectConfirmation>
    </saml:Subject>
    <!-- Five-minute validity window (06:05:48 to 06:10:48). Audience "default" is
         not an SP entity ID; the working response uses https://saml.salesforce.com,
         so this AudienceRestriction would not satisfy the Salesforce SP. -->
    <saml:Conditions NotBefore="2012-02-20T06:05:48Z"
        NotOnOrAfter="2012-02-20T06:10:48Z">
        <saml:AudienceRestriction>
            <saml:Audience>default</saml:Audience>
        </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2012-02-20T06:05:48Z">
        <saml:AuthnContext>
            <!-- The class reference is emitted with surrounding newlines and indentation;
                 that whitespace is part of the element text, and a strict consumer may
                 compare the URN verbatim - safer to keep it on one line. -->
            <saml:AuthnContextClassRef>
                urn:oasis:names:tc:SAML:2.0:ac:classes:X509
            </saml:AuthnContextClassRef>
        </saml:AuthnContext>
    </saml:AuthnStatement>
</saml:Assertion>

flicusflicus

Hello, did you get past this error somehow? Because I am getting the same one and can't understand what's wrong :(

flicusflicus

If someone experiences the same problem, the working response is:

<!--
  Working Response as posted by flicus. Review notes:
  - DigestValue and SignatureValue are empty here (stripped for posting), so the
    listing cannot be verified as shown; the real message carries both values.
  - saml2p:Response has no ID attribute. SAML 2.0 requires ID on a Response, and
    a strict validator may reject it; emit a unique ID of the same form as the
    Assertion ID.
  - The saml2 and saml2p namespaces are re-declared on several child elements;
    declaring each once on the root is cleaner. Do any such re-serialization
    before signing, never after.
  - Recipient (the login URL with its ?saml= token) and the Address value are
    specific to the poster's org; take your own from the SSO setting.
  - Signature and digest use SHA-1; a current deployment should use
    rsa-sha256 / sha256.
-->
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                                                               IssueInstant="2012-07-05T09:56:15.423Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">saml2immp</saml2:Issuer>
<!-- Top-level status; the SP rejects the message unless this is Success. -->
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0acb23e51283a6abf33ba3eab12702a3"
                 IssueInstant="2012-07-05T09:56:10.294Z" Version="2.0">
    <!-- Assertion Issuer matches the Response Issuer; both must equal the Issuer
         configured in the Salesforce SSO setting. -->
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">saml2immp</saml2:Issuer>
    <!-- Enveloped signature over the assertion, referenced by its own ID. -->
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_0acb23e51283a6abf33ba3eab12702a3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <!-- Empty in this listing; a real message carries the base64 digest. -->
                <ds:DigestValue/>
            </ds:Reference>
        </ds:SignedInfo>
        <!-- Empty in this listing; a real message carries the base64 signature. -->
        <ds:SignatureValue/>
        <ds:KeyInfo>
            <!-- Signing certificate; must be the one uploaded in the Salesforce SSO setting. -->
            <ds:X509Data>
                <ds:X509Certificate>MIIDgTCCAmmgAwIBAgIESKuV1zANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJSVTEPMA0GA1UE
                    CBMGUnVzc2lhMQ8wDQYDVQQHEwZNb3Njb3cxEjAQBgNVBAoTCXNhbWwyaW1tcDESMBAGA1UECxMJ
                    c2FtbDJpbW1wMRgwFgYDVQQDEw9TZXJnZXkgU2tvcHRzb3YwHhcNMTIwNzA0MTEyMTAyWhcNMTMw
                    NjI5MTEyMTAyWjBxMQswCQYDVQQGEwJSVTEPMA0GA1UECBMGUnVzc2lhMQ8wDQYDVQQHEwZNb3Nj
                    b3cxEjAQBgNVBAoTCXNhbWwyaW1tcDESMBAGA1UECxMJc2FtbDJpbW1wMRgwFgYDVQQDEw9TZXJn
                    ZXkgU2tvcHRzb3YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMwJ4Na7/1DxHqWGD4
                    yzh2l+1SL7BnrfwfJXDo8+z102iRDx4I56bwLEwg0Ro6KNq54ne5hNPQfhalvQBmv9ax0PHHib7J
                    L6fF/LgQQ0EyBmENnB8IEfoqfHX84KCYBo/fRAlZxSSmwDrhUXN1i4iC8qnm3WtDlRSvKeIa5BGs
                    U4p/DstTLmIkjbSomVtFuPffOPEzJZdGPMqREVwQunKzfIcisrud591soPfQksQql6xZDRGhfX4r
                    P//kec7p/nNfxxVYwAtgzihsiDVP6Yj4ao7T2TvaR3qST0Al1eoJ43yE1lD20xyZUDihqrpMEI5b
                    QjqZb5JuG5bQV2CWpIcPAgMBAAGjITAfMB0GA1UdDgQWBBT187bo9QnFW2kbX9EupKp1TTX9TDAN
                    BgkqhkiG9w0BAQsFAAOCAQEAaXdQofGlonLnSee//RqtSxWtw4EAtRz58NkEGgX+mEHHI4JY3CS9
                    TbtKU+xuYpuZA7+D3uflXb4trKUo5arlHqHIk7olY6BffxnGN1KPldqGdixiSN6fjDYieLsEYx0e
                    lXjZqawdBROWemVvuZ1O2VOW8bmKhGKJCYTftwd8A2R0adPvMawvQfiIIPFsd+sww7Ckf+xQONyt
                    CnnWK/Dqt7ftjZ4Ti+ipYYfeCB8loE2TNeRxm14T+kMiEy1ndcMejCF2qBRGnxsHsGL8rTBERL6A
                    VfoLH6qwC+B9n0ZuEno/7Wwy6U6oEwRnTY8BjQeDcSMuZWkABxp229vaxgw4kQ==
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <!-- Plain user identifier; which user field it is matched against
             (username or Federation ID) depends on the SSO setting - confirm. -->
        <saml2:NameID>90002</saml2:NameID>
        <!-- Bearer confirmation: Recipient names the SP endpoint the token was minted
             for, and NotOnOrAfter is two minutes after the assertion IssueInstant.
             Address is defined by SAML as the subject's network address; the value
             here looks like an org identifier rather than an IP, presumably ignored
             by Salesforce - confirm. -->
        <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData Address="00DE0000000a9DJ" NotOnOrAfter="2012-07-05T09:58:10.294Z"
                                           Recipient="https://login.salesforce.com/?saml=02HKiPoin4gr4ppWRMCH41yrGvQeH1tcXUXlGVm9BG6McGb9pBhgU1ohfU"/>
        </saml2:SubjectConfirmation>
    </saml2:Subject>
    <!-- Conditions carry NotBefore only; the expiry is the NotOnOrAfter on the
         SubjectConfirmationData above. OneTimeUse asks the SP to remember the
         assertion ID and reject a replay. Audience is the Salesforce SP entity ID. -->
    <saml2:Conditions NotBefore="2012-07-05T09:56:10.465Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:OneTimeUse/>
        <saml2:AudienceRestriction>
            <saml2:Audience>https://saml.salesforce.com</saml2:Audience>
        </saml2:AudienceRestriction>
    </saml2:Conditions>
    <!-- Authentication context kept on one line, so the URN carries no stray whitespace. -->
    <saml2:AuthnStatement AuthnInstant="2012-07-05T09:56:10.465Z" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:AuthnContext>
            <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
        </saml2:AuthnContext>
    </saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>