FinnArildFluido

Salesforce and simpleSAMLphp problems

Hi - I have tried different setups, using simpleSAMLphp as SP and Salesforce as IP, but I get redirected to something that gives me "Insufficient Privileges". I feel that I am very close if I can just figure out why I get redirected. Here's my log from simpleSAMLphp:

 

May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] Session: 'default-sp' not valid because we are not authenticated.
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] Saved state: '_90ed317d1ccd2b692f0629878be311928cf57be629'
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] Sending SAML 2 AuthnRequest to 'https://finn45demo-dev-ed.my.salesforce.com'
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] Sending message:
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_90ed317d1ccd2b692f0629878be311928cf57be629" Version="2.0" IssueInstant="2013-05-07T08:54:03Z" Destination="https://finn45demo-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" AssertionConsumerServiceURL="http://saml.finnarild.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997]   <saml:Issuer>https://finn45demo-dev-ed.my.salesforce.com</saml:Issuer>
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] </samlp:AuthnRequest>
May 07 10:54:03 simplesamlphp DEBUG [f21d75a997] Redirect to 743 byte URL: https://finn45demo-dev-ed.my.salesforce.com/idp/endpoint/HttpPost?SAMLRequest=lZJbaxsxEIX%2FyqL3Xe2u49gWtsGNKTHksthuH%2FpSZGm2FuhWjZTLv4%2B8m0L60ECfBEfznZk5zBK50Z5tUjzbPfxOgLF4MdoiGz5WJAXLHEeFzHIDyKJgh839HWurmvngohNOkw%2FI5wRHhBCVs6TYbVfk56IGOWlmshFCtqfrRdvX1%2B1iPpufYNI0i3Yu%2BunsBFkjxXcImMkVyUYZR0ywsxi5jVmqm0lZT8t6dqznbHrF6skPUmzzNsryOFDnGD0ySntl7dVUgnGlhKcSZGVeK%2BQasHdBQCWcoUp6ClZ6p2yktxnsHEZSbP5Mf%2BMsJgPhAOFJCfi2vxv9s%2F0lg%2BrSgwel5eCGyvhsnz%2BocTJpqPzZD4UUx7ctucBBldDzpGOJnhTde7xflJXK%2Fvo82dNYhOz2eOzK7vFwJOvlxZsNSYX1f%2By%2FpB%2FB5XgiD7nlbts5rcRr8dUFw%2BO%2FJ2qqZlCULPuhlCWLHoTqFcgcpNbu%2BSYAj7AiMSQgdD02%2FfsU128%3D&RelayState=http%3A%2F%2Fsaml.finnarild.com%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp

 

Can anyone with an eye see what's wrong - or point me to a configuration that already has this set up? Thanks, Finn Arild.
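
The following Python example is added here and is not part of the original post or of simpleSAMLphp. It round-trips the logged AuthnRequest through the HTTP-Redirect encoding seen in the last log line (raw DEFLATE, base64, URL-encoding) and reports two properties of the request to compare against the IdP-side configuration; the function names are hypothetical and the XML is reconstructed from the DEBUG lines above.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_ENTITY_ID = "https://finn45demo-dev-ed.my.salesforce.com"  # IdP named in the log
# AuthnRequest reconstructed from the DEBUG lines in the post (log prefixes removed).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" '
    'ID="_90ed317d1ccd2b692f0629878be311928cf57be629" IssueInstant="2013-05-07T08:54:03Z" '
    'Destination="https://finn45demo-dev-ed.my.salesforce.com/idp/endpoint/HttpPost" '
    'AssertionConsumerServiceURL="http://saml.finnarild.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    '<saml:Issuer>https://finn45demo-dev-ed.my.salesforce.com</saml:Issuer>'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>'
    '</samlp:AuthnRequest>'
)

def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, base64, then URL-encode."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = c.compress(xml_text.encode("utf-8")) + c.flush()
    return quote(base64.b64encode(raw).decode("ascii"), safe="")

def decode_redirect(url):
    """Recover the XML from the SAMLRequest query parameter of a redirect URL."""
    value = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def summarize(xml_text):
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:  # refuse DTDs before parsing
        raise ValueError("DTD content is not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "destination": root.get("Destination"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def findings(info, idp_entity_id):
    notes = []
    if info["issuer"] == idp_entity_id:  # Issuer should identify the requesting SP
        notes.append("Issuer is the IdP's entity ID, not an SP entity ID")
    if not (info["acs_url"] or "").lower().startswith("https://"):
        notes.append("AssertionConsumerServiceURL is not HTTPS")
    return notes

if __name__ == "__main__":
    url = IDP_ENTITY_ID + "/idp/endpoint/HttpPost?SAMLRequest=" + encode_redirect(SAMPLE_XML)
    print(findings(summarize(decode_redirect(url)), IDP_ENTITY_ID))
```

`decode_redirect` also accepts a full redirect URL copied from a log, which makes it possible to inspect what was actually sent rather than what the configuration was expected to produce.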