OpenAM & SalesForce SAML Assertion problem
I have configured the OpenSSO-client.war SDK. Using this I am able to get a SAML assertion. But when I exchange this SAML assertion with SalesForce I got the following error message:
Auth response: {"error":"invalid_grant","error_URI":"https://na7.salesforce.comnull/setup/secur/SAMLValidationPage.apexp","error_description":"invalid assertion"}
When I validate the SAML assertion with SalesForce at https://deepak-developer-edition.my.salesforce.com/setup/secur/SAMLValidationPage.apexp I got an exception:
Unable to parse the response: Expect Root element is "Response"[saml:Assertion: null]
Do I need to convert this SAML assertion to a response?
I have included the SAML assertion.
SAML assertion received by OpenAM from client SDK
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="uuid-2f287f2d-4fea-47de-9253-669b48b8fc1f" IssueInstant="2012-02-20T06:05:48Z"
    Version="2.0">
  <saml:Issuer>SunSTS</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#uuid-2f287f2d-4fea-47de-9253-669b48b8fc1f">
        <ds:Transforms>
          <ds:Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>8OQUfcSQLKXiTi4LCBZamvK0xsk=
        </ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
My1X6YPsaO08LJIT+0symAQEWvhfZqFxUuiHwJSGOvWVoHWbPQ//z74+oiM7iAEZTHc20NaMhJkC
jaek0bvd+HNV/n52FX3D0mw1mMvVxqKzVnAI/WNBUrvi5MJ5uSnRxEfW9pYdGnU6J4gF1ArbMZji
McUZCpxdQ5YO/T5dWDo=
    </ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data>
        <ds:X509Certificate>...</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <saml:Subject>
    <saml:NameID NameQualifier="SunSTS">id=deepakmule,ou=user,dc=opensso,dc=java,dc=net</saml:NameID>
    <saml:SubjectConfirmation
        Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches">
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2012-02-20T06:05:48Z"
      NotOnOrAfter="2012-02-20T06:10:48Z">
    <saml:AudienceRestriction>
      <saml:Audience>default</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2012-02-20T06:05:48Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>
        urn:oasis:names:tc:SAML:2.0:ac:classes:X509
      </saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
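Added example, not part of the original posts and not OpenAM or Salesforce code: a small Python pre-flight check that reports the root element of a SAML document (the thing the validator message above complains about) together with the assertion's issuer, audience and validity window. The function name `inspect_saml` and the trimmed sample are constructed for illustration, and timestamps are assumed to use the whole-second UTC format seen in the posted assertion.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
ASSERTION = "{%s}Assertion" % NS["saml"]
RESPONSE = "{%s}Response" % NS["samlp"]

# Constructed sample: the posted assertion trimmed to the fields inspected here.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="uuid-2f287f2d-4fea-47de-9253-669b48b8fc1f"
    IssueInstant="2012-02-20T06:05:48Z" Version="2.0">
  <saml:Issuer>SunSTS</saml:Issuer>
  <saml:Conditions NotBefore="2012-02-20T06:05:48Z"
      NotOnOrAfter="2012-02-20T06:10:48Z">
    <saml:AudienceRestriction>
      <saml:Audience>default</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    # Assumption: whole-second UTC timestamps ending in "Z", as in the post.
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def inspect_saml(xml_text, now):
    """Describe the document root and the conditions of the assertion in it."""
    root = ET.fromstring(xml_text)
    report = {"root": root.tag.split("}")[-1],
              "root_is_response": root.tag == RESPONSE}
    # The assertion is either the root itself or a direct child of a Response.
    assertion = root if root.tag == ASSERTION else root.find("saml:Assertion", NS)
    report["assertion_found"] = assertion is not None
    if assertion is None:
        return report
    report["issuer"] = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    report["audiences"] = [a.text.strip()
                           for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        # SAML validity rule: NotBefore <= now < NotOnOrAfter
        report["in_validity_window"] = ((nb is None or _ts(nb) <= now)
                                        and (na is None or now < _ts(na)))
    return report
```

This only inspects structure and timing; it does not verify the XML signature.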
Hello, did you get over this error somehow? Because I am getting the same and can't understand what's wrong :(
If someone experiences the same problem, the working response is: