I am trying to integrate pingfedearte-6.6.0 with salesforce.
My Aim is Active Directory Users wants to enter into the Salesforce.(ie., IdP-initiated SSO).
I have created the Digital Signing certificate in Ping federate. In Salesforce i have enabled the SSO settings and filled the details of SSO settings. Imported the Digital signed certificate in SSO settings. When i access the SSO endpoint url https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://saml.salesforce.com through browser im getting the issue like,
Login Error Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.”
I thought because of domain is not created in Salesforce facing this issue. So, I have created the Domain in Salesforce and provided the Endpoint URL as https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://https://testidam-dev-ed.my.salesforce.com. But still i am facing the issue.
When i validate the SAML assertion in the SAMl Validator i got the Following Message.
Unexpected Exceptions
Ok
1. Validating the Status
Ok
2. Looking for an Authentication Statement
Ok
3. Looking for a Conditions statement
Ok
4. Checking that the timestamps in the assertion are valid
Current time is after notOnOrAfter in Conditions
Current time is: 2012-08-09T09:35:11.301Z
Time limit in Conditions, adjusted for skew, is: 2012-08-09T09:28:41.471Z
Timestamp of the response is outside of allowed time window
Current time is: 2012-08-09T09:35:11.301Z
Timestamp is: 2012-08-09T09:20:41.437Z
Allowed skew in milliseconds is 480000
Timestamp of the assertion is outside of allowed time window
Current time is: 2012-08-09T09:35:11.301Z
Timestamp is: 2012-08-09T09:20:41.469Z
Allowed skew in milliseconds is 480000
5. Checking that the Attribute namespace matches, if provided
Not Provided
6. Miscellaneous format confirmations
Ok
7. Confirming Issuer matches
Ok
8. Confirming a Subject Confirmation was provided and contains valid timestamps
Ok
9. Checking that the Audience matches, if provided
Ok
10. Checking the Recipient
Ok
11. Validating the Signature
Is the response signed? false
Is the assertion signed? true
The reference in the assertion signature is valid
Signature or certificate problems
The signature in the assertion is not valid
Is the correct certificate supplied in the keyinfo? false
I asked one of our Product Support Engineers, Can Yagli, to get in touch with you. He tells me that he contacted you, set up a WebEx, and got it sorted.
Help is always available with PingFederate. You can open a ticket here.
I asked one of our Product Support Engineers, Can Yagli, to get in touch with you. He tells me that he contacted you, set up a WebEx, and got it sorted.
Help is always available with PingFederate. You can open a ticket here.
thanks