Sign Up ›
  • Jignesh Tank
  • NEWBIE
  • 0 Points
  • Member since 2016
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 0
    Questions
  • 1
    Replies
SOLVED
15 replies

SSO via SAML 2.0-->Invalid Page Redirection

I'm using OpenSSO to authenticate with my SF developer account.  According tothe SAML Validator my SAML response is good.  This is supported by the Login History, which shows a successful login for my user via SAML Idp Initiated SSO.  Still, instead of getting directed into SF after login, I get redirected to the following error page:

 

Invalid Page Redirection
The page you attempted to access has been blocked due to a redirection to an outside website or an improperly coded link or button. Please contact your salesforce.com Administrator for assistance.

Click here to return to the previous page.

Here's the SAML Response:

 

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2"
ID="s284c6b267aec8be2c66edcc163f7cf5a492522909"
IssueInstant="2010-03-07T01:21:18Z" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#s284c6b267aec8be2c66edcc163f7cf5a492522909">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>bbdtFNmHOCmOJDxBKRPBQMGWx/c=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>
    NyXQjGHDh7CEcmBaY5G8EcbP3nsALGkCR/dls5wy72hhvN4+EJlvD/fQuSIjxPrHl/nJJTXQJwwJ
    rJN6+8CBqBXPM+OAbfRzSY1MryIgi2gGxZgvYtve0VTIsJn+D86Uh6nJEbDODE9qlUEF+hpsZwgp
    qTehm8e0BzCRU8d0yNs=</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>
        MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
        bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
        ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
        CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
        BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
        AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
        RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
        Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
        QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
        cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
        /FfwWigmrW0Y0Q==</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success">
    </samlp:StatusCode>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="s26d010fb96c415e8dd239c664b62a95b62ad186c3"
  IssueInstant="2010-03-07T01:21:18Z" Version="2.0">
    <saml:Issuer>
    http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      NameQualifier="http://www.abazaindustries.com:8080/opensso_abaza"
      SPNameQualifier="https://saml.salesforce.com">
      xYNogS2tyRrH1DdZ1ASUD5BJZWlC</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

        <saml:SubjectConfirmationData NotOnOrAfter="2010-03-07T01:31:18Z"
        Recipient="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" />
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2010-03-07T01:11:18Z"
    NotOnOrAfter="2010-03-07T01:31:18Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://saml.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2010-03-07T01:21:18Z"
    SessionIndex="s2632afd2c7d9eee1430c180dbc8ffc4e1891c3b01">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>
        urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="ATTR_PHONE">
        <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:type="xs:string">555-555-5555</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>