2015-12-28 110 views
0

我一直在嘗試使用SAML爲我們公司驗證Google應用。但我總是得到「此帳戶無法訪問,因爲登錄憑證無法驗證。」看來我的簽名是正確的,因爲我有它測試了https://www.samltool.com/validate_response.phpGoogle SAML SSO:此帳戶無法訪問,因爲無法驗證登錄憑證

響應:

<?xml 
version="1.0" 
encoding="UTF-8"?> 
<samlp:Response 
    ID="_fc7fc038e01043acd7d4" 
    IssueInstant="2015-12-28T04:57:37.087Z" 
    Version="2.0" 
    Destination="https://www.google.com/a/sellyx.com/acs" 
    InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej" 
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
    <ds:Signature 
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod 
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      <ds:SignatureMethod 
       Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <ds:Reference 
       URI="#_fc7fc038e01043acd7d4"> 
       <ds:Transforms> 
        <ds:Transform 
         Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
       </ds:Transforms> 
       <ds:DigestMethod 
        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
       <ds:DigestValue> 
        m0Lhn42KcGeOXuTdzMRY93MsPNY= 
       </ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/ 
      U6l8= 
     </ds:SignatureValue> 
    </ds:Signature> 
    <samlp:Status> 
     <samlp:StatusCode 
      Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> 
    </samlp:Status> 
    <Assertion 
     ID="_bba47c30283081e8468c" 
     IssueInstant="2003-04-17T00:46:02Z" 
     Version="2.0" 
     xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> 
     <Issuer>https://auth.sellyx.com/IDP</Issuer> 
     <Subject> 
      <NameID 
       Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected] 
      </NameID> 
      <SubjectConfirmation 
       Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
       <SubjectConfirmationData 
        Recipient="https://www.google.com/a/sellyx.com/acs" 
        NotOnOrAfter="2015-12-28T05:00:57.087Z" 
        InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/> 
      </SubjectConfirmation> 
     </Subject> 
     <Conditions 
      NotBefore="2015-12-28T04:54:17.087Z" 
      NotOnOrAfter="2015-12-28T05:00:57.087Z"> 
      <AudienceRestriction> 
       <Audience>https://www.google.com/a/sellyx.com/acs</Audience> 
      </AudienceRestriction> 
     </Conditions> 
     <AuthnStatement 
      AuthnInstant="2015-12-28T04:57:37.087Z"> 
      <AuthnContext> 
       <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef> 
      </AuthnContext> 
     </AuthnStatement> 
    </Assertion> 
</samlp:Response> 

回答

0

添加另一個信封簽名變換,然後解決問題。

+0

我得到相同的錯誤。當您說「添加另一個封套簽名轉換」時,您可否詳細說明一下? –