Salesforce Developer Community

Chatter

Feed
0

Best Answers
0

Likes Received
0

Likes Given
3

Questions
1

Replies

when i am using saml 2.0 i got an error like below aand how to find out signature value

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" IssueInstant="2012-07-20T06:5:17.364Z" Destination="https://login.salesforce.com">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">salesforce_idp_cert
</saml:Issuer>

<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status>

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="1234" IssueInstant="2012-07-20T06:5:17.364Z" Version="2.0">

<saml:Issuer>salesforce_idp_cert</saml:Issuer>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#1234">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Xz8bJqroWKcnrUzBypQy87Z3fNU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>

</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIFBzCCA++gAwIBAgIQDJ4ihF+4VYzLxb+qASp7IzANBgkqhkiG9w0BAQUFADCBvDELMAk GA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbi BUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cud mVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMtVmVyaVNpZ24gQ2xhc3MgMyBJbnRl cm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4XDTExMTIwNzAwMDAwMFoXDTEzMTIwNzIzNTk 1OVowgY4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1TYW 4gRnJhbmNpc2NvMR0wGwYDVQQKFBRTYWxlc2ZvcmNlLmNvbSwgSW5jLjEUMBIGA1UECxQLQ XBwbGljYXRpb24xHTAbBgNVBAMUFHByb3h5LnNhbGVzZm9yY2UuY29tMIGfMA0GCSqGSIb3 DQEBAQUAA4GNADCBiQKBgQDMoSWW4dBiVScWbXno3C6n2+qR/0O+eE4lzT0Y1go53Pk+Skn 9sUu43Z+uZ8lOXDqmLiScTaB43ePbqIAUYimqCR9aYCLmSeNwhs68dsxcyDVqm5XIr2OZsr LikhNkKPno+0fuoyOWbA35kRxBFXL66tEYlF8ETIT6G3kqt7CGVwIDAQABo4IBszCCAa8wC QYDVR0TBAIwADALBgNVHQ8EBAMCBaAwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL1NWUklu dGwtRzMtY3JsLnZlcmlzaWduLmNvbS9TVlJJbnRsRzMuY3JsMEQGA1UdIAQ9MDswOQYLYIZ IAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYT AoBgNVHSUEITAfBglghkgBhvhCBAEGCCsGAQUFBwMBBggrBgEFBQcDAjByBggrBgEFBQcBA QRmMGQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA8BggrBgEFBQcw AoYwaHR0cDovL1NWUkludGwtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJJbnRsRzMuY2VyMG4 GCCsGAQUFBwEMBGIwYKFeoFwwWjBYMFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFEtruS iWBgy70FI4mymsSweLIQUYMCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28xL mdpZjANBgkqhkiG9w0BAQUFAAOCAQEAVq0AapffwqicpyAu41f5pWDn7FPjgIt6lirqwo7t LRMpxFuYKIMg+wvioJQ8DJ8mNyw+JnZDPxdVjDSkE2Lb+5Z5P9vKbD833jqKP5vniMMvHRf tlkCqP/AI/9z6jomgQtfm3WbI7elTFJvDwA+/VdxgU86mKRpalMWDB545GxVFiO6AZ/8dvA poHVHTQBfrckk9JCrH++Wq3EmErKcxzsY8LItC8qCl5HtgJy160fII0ZdF8hV5vKlrHQpo9 1L0c1pn+z5RB+kt8GIreME2rU3WEmtZglBKrlw3ik0sXL2CO/GCAzbh7YWkEfXtE3GcGh7N xcHB+08lZiJzKwN/yg==
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>

<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" >amarendra.katakam99@gmail.com
</saml:NameID>

<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2013-07-20T05:23:17.364Z" Recipient="https://login.salesforce.com"/> </saml:SubjectConfirmation>
</saml:Subject>

<saml:Conditions NotBefore="2012-07-20T05:23:17.364Z" NotOnOrAfter="2013-07-20T05:23:17.364Z">

<saml:AudienceRestriction>

<saml:Audience>https://saml.salesforce.com</saml:Audience>

</saml:AudienceRestriction>

</saml:Conditions>

<saml:AuthnStatement AuthnInstant="2012-07-20T06:5:17.364Z" SessionIndex="1234"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>
</samlp:Response>

Unexpected Exceptions

1. Validating the Status

2. Looking for an Authentication Statement

3. Looking for a Conditions statement

4. Checking that the timestamps in the assertion are valid

Timestamp of the response is outside of allowed time window

Current time is: 2012-08-10T11:55:11.961Z

Timestamp is: 2012-07-20T06:05:17.364Z

Allowed skew in milliseconds is 480000

Timestamp of the assertion is outside of allowed time window

Current time is: 2012-08-10T11:55:11.961Z

Timestamp is: 2012-07-20T06:05:17.364Z

Allowed skew in milliseconds is 480000

5. Checking that the Attribute namespace matches, if provided

Not Provided

6. Miscellaneous format confirmations

7. Confirming Issuer matches

8. Confirming a Subject Confirmation was provided and contains valid timestamps

9. Checking that the Audience matches, if provided

10. Checking the Recipient

11. Validating the Signature

Is the response signed? false

Is the assertion signed? true

The reference in the assertion signature is valid

Signature or certificate problems

The signature in the assertion is not valid

Is the correct certificate supplied in the keyinfo? false

12. Checking that the Site URL Attribute contains a valid site url, if provided

Not Provided

13. Looking for portal and organization id, if provided

Subject: amarendra.katakam99@gmail.com

AssertionId: 1234

amarendra
August 10, 2012
Like
0

1 replies

how to contact salesforce.com for territory management? please help me

please end the process

amarendra
August 10, 2012
Like
0

3 replies

How to install force.com ide plug in please help me, i got the below error when ever i am installing

Software being installed: Force.com IDE 25.0.0.201206181021 (com.salesforce.ide.feature.feature.group 25.0.0.201206181021)
Missing requirement: Force.com IDE 25.0.0.201206181021 (com.salesforce.ide.feature.feature.group 25.0.0.201206181021) requires 'org.eclipse.update.ui 0.0.0' but it could not be found

amarendra
July 13, 2012
Like
0

SOLVED

5 replies

SAML and Salesforce - Anyone with an example SAML?

Hi,

I'm trying to generate SAML according to Salesforce's documentation. After a full day of trying different tweaks I'm still stuck. My SAML (version 1.1) looks correct to me, but when I post it to Salesforce in a "SaMLResponse" field it logs the error "Failed: Assertion Invalid" along with the login name specified in the SAML. Does anyone know how to debug this, or perhaps a comparison to a working SAML response would help...

I tried using the SAML validator in Salesforce. It tells me everything is "ok" (in green) execpt for two things:

"6. Checking that the Attribute namespace matches, if provided" returns "Unknown"

"7. Miscellaneous format confirmations" returns "Unknown"

The validator did not return any red error messages, however I have no clue what the two Uknown messages mean.

I've tried different types of SSO configuration in Salesforce, both with a NameIdentifier and User ID is in an Attribute element, neither of the work, however Salesforce always logs the username in the logs - so that appears to be working.

Here's a sample SAML - if anyone has ideas on what's wrong I'd really appreciated it:

<samlp:Response IssueInstant="2009-06-07T18:26:42.8641119-07:00" MajorVersion="1" MinorVersion="1" Recipient="https://login.salesforce.com/?saml=EK03Almz90eBaMTm4Lf8DUU3._uQLw9jeP6QZwo.ASrEk7qB4.A.CkD.ICUbSDUnEEDQrlHtPJyJcn5mZX5bFMi4aInRUbd_Flvt1yAQmd08jWN6y6pWt6E3NC" ResponseID="12346626" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
<samlp:Status>
    <samlp:StatusCode Value="samlp:Success" />
</samlp:Status>
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="TestAnil8382" Issuer="MYISSUER" IssueInstant="2009-06-07T18:26:42.8641119-07:00" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2009-06-07T18:21:42.8641119-07:00" NotOnOrAfter="2009-06-07T18:36:42.8641119-07:00">
      <saml:AudienceRestrictionCondition>
        <saml:Audience>https://saml.salesforce.com</saml:Audience>
      </saml:AudienceRestrictionCondition>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Subject>
        <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sfUserLogin@gmail.com</saml:NameIdentifier>
        <saml:SubjectConfirmation>
          <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
        </saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Attribute AttributeName="MyLoginAttributeName" AttributeNamespace="http://myuri.com">
        <saml:AttributeValue>sfUserLogin@gmail.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" AuthenticationInstant="2009-06-07T18:26:42.8641119-07:00">
      <saml:Subject>
        <saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sfUserLogin@gmail.com</saml:NameIdentifier>
        <saml:SubjectConfirmation>
          <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
        </saml:SubjectConfirmation>
      </saml:Subject>
    </saml:AuthenticationStatement>
</saml:Assertion>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>UIwW0FHhBNx4PiTLPi9nIRoJfI4=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>[Trimmed]</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>[Trimmed]</X509Certificate>
      </X509Data>
    </KeyInfo>
</Signature>
</samlp:Response>

Anil_R
June 08, 2009
Like
0