0
我一直在嘗試使用SAML爲我們公司驗證Google應用。但我總是得到「此帳戶無法訪問,因爲登錄憑證無法驗證。」看來我的簽名是正確的,因爲我有它測試了https://www.samltool.com/validate_response.phpGoogle SAML SSO:此帳戶無法訪問,因爲無法驗證登錄憑證
響應:
<?xml
version="1.0"
encoding="UTF-8"?>
<samlp:Response
ID="_fc7fc038e01043acd7d4"
IssueInstant="2015-12-28T04:57:37.087Z"
Version="2.0"
Destination="https://www.google.com/a/sellyx.com/acs"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_fc7fc038e01043acd7d4">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
m0Lhn42KcGeOXuTdzMRY93MsPNY=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/
U6l8=
</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion
ID="_bba47c30283081e8468c"
IssueInstant="2003-04-17T00:46:02Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://auth.sellyx.com/IDP</Issuer>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]
</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
Recipient="https://www.google.com/a/sellyx.com/acs"
NotOnOrAfter="2015-12-28T05:00:57.087Z"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/>
</SubjectConfirmation>
</Subject>
<Conditions
NotBefore="2015-12-28T04:54:17.087Z"
NotOnOrAfter="2015-12-28T05:00:57.087Z">
<AudienceRestriction>
<Audience>https://www.google.com/a/sellyx.com/acs</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement
AuthnInstant="2015-12-28T04:57:37.087Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
我得到相同的錯誤。當您說「添加另一個封套簽名轉換」時,您可否詳細說明一下? –