SAML SSO與Google套件：「G Suite - 此帳戶無法訪問，因爲我們無法解析登錄請求。」

Question

我通過saml響應&來自我的python應用程序的Google SSO的RelayState參數。 我的SAML迴應是：

samlp：響應..

@xmlns:samlp:urn:oasis:names:tc:SAML:2.0:protocol 
@xmlns:saml:urn:oasis:names:tc:SAML:2.0:assertion 
@ID:_cfc7299955d2075f71b4f1fbc821f3ec2c17c1fd6b 
@Version:2.0 
@IssueInstant:2017-05-23T10:51:29Z 
@Destination:https://www.google.com/a/q3web.xyz/acs 
@InResponseTo:adkcgeadlnldphjjmkibfopehpmpomapchiamhip 
saml:issuerhttp://192.168.11.122:8000/saml2/idp/metadata.php 
- 
ds:signature .. 
    @xmlns:ds:http://www.w3.org/2000/09/xmldsig# 
    ds:signedinfo .. 
     ds:canonicalizationmethod 
      @Algorithm:http://www.w3.org/2001/10/xml-exc-c14n# 
     - 
     ds:signaturemethod 
      @Algorithm:http://www.w3.org/2000/09/xmldsig#rsa-sha1 
     - 
     ds:reference .. 
      @URI:#_cfc7299955d2075f71b4f1fbc821f3ec2c17c1fd6b 
      ds:transforms .. 
       ds:transform 
        @Algorithm:http://www.w3.org/2000/09/xmldsig#enveloped-signature 
       - 
       ds:transform 
        @Algorithm:http://www.w3.org/2001/10/xml-exc-c14n# 
       - 
      - 
      ds:digestmethod 
       @Algorithm:http://www.w3.org/2000/09/xmldsig#sha1 
      - 
      ds:digestvaluet25Qo2lZ7qBbW2uF/uVMBlugxsQ= 
      - 
     - 
    - 
    ds:signaturevalueMIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALNd029is/ZC83IR iCnQGIUYj+dHVODUzL3anFbQHBn0aDvnsUvgshaq1yrM5GFiHFDty+rJ+NVdoA1K vzX7IRkdDPvyXbcRhlrs+A+hPNd3QgDRQfEHdywrl6jde9D9o1HTi0NOAS1sMwWb onG2qEgygt2bCDTf7ibC8ZU3Hka3AgMBAAECgYBEucOk3yXjSt3qrAsHMmPiw3mH /Y3pI8BbUmMq5EyQKVSy92C4mRzDkKwnCyDKq4P8AlFq4f6FCn2j+irvrQyN5RJt 0e+oqNMHcwEimZmMX3ynjiWiRNHdqN0jQF5Iywr1qGKetltv5XqLjgGvN0rBETcF Lh6IngDJDtTHdMLDqQJBAOhddLROdXtKjeI70hUFGJxTP+jEnz4+ZiRekJ7QDznC gTiMcJNPzyKEHe8Sb8XgGkXPfCkr7gzE6jcppa/4H60CQQDFnFfIPo2/LcfH9sr2 K42K/Dhpshfn6BPL4ax1/gbZ/jrPiUbgzJsmuJG6EXALP28J6GEJGi6JF5vzx3a5 mbxzAkBR2kn4EgNUcQjV/ticSvVGbBUBO/IUjQqSGTW8m/IhGKFIeEBXxC9lK0EY LFhvTegzW0mTf0QV/2+6CtOwzyjpAkBM1nT/pOsi+l8jbuAOhnLcJyScXKaVAxWn glG385WgcA1YI23O/WAa10u6yQsDJKA9fwE0M90Ca461ZMrScmfnAkAbMYBnQ2cj PGEgDO3VjrThSUg2HMxY46+C9j99cbZp0Sy/Yw9iWwY/Upvi7/femXG2jkD0GuAI fwKkQ0/8ZBie 
    - 
    ds:keyinfo .. 
     ds:x509data .. 
      ds:x509certificateMIICbjCCAdcCAgPoMA0GCSqGSIb3DQEBBQUAMH8xCzAJBgNVBAYTAlVLMQ8wDQYD VQQIDAZMb25kb24xDzANBgNVBAcMBkxvbmRvbjEaMBgGA1UECgwRRHVtbXkgQ29t cGFueSBMdGQxGjAYBgNVBAsMEUR1bW15IENvbXBhbnkgTHRkMRYwFAYDVQQDDA1k aXZ5YS1kZXNrdG9wMB4XDTE3MDUyMzA5NDgxN1oXDTI3MDUyMTA5NDgxN1owfzEL MAkGA1UEBhMCVUsxDzANBgNVBAgMBkxvbmRvbjEPMA0GA1UEBwwGTG9uZG9uMRow GAYDVQQKDBFEdW1teSBDb21wYW55IEx0ZDEaMBgGA1UECwwRRHVtbXkgQ29tcGFu eSBMdGQxFjAUBgNVBAMMDWRpdnlhLWRlc2t0b3AwgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBAMahJMgelN7o5x1DQNEBHJy4cNxgAVF8eDuGIBhoMTZqUPPxYfAT dhJgd1UbW7NookbBQ/tGkdWfIWxCgjolyYN8tkldqXH2qbStYm2NL4cPz6jS4Ttw z+iOnzqvcEge6l4uB22Fk3RuQDdt5zQTAYpvj/yWQQE+JaKnBGsRq4PvAgMBAAEw DQYJKoZIhvcNAQEFBQADgYEARaQVFkMedAk5RjFujP27i28rrGu7t3Tj3fh3EJzL wa/zFzfIes5deieIxPjP95OM7tFKyItU8d7eV4kkFkrMo3YYc3UPu0XXShf+aiEY 9iqwFZltjBpS0M7gEGcUkLerjrH0Ql7D3ZAXTkbYfOK6PF+yeFTa/B47/BNZf66c IJ4= 
      - 
     - 
    - 
- 
samlp:status .. 
    samlp:statuscode 
     @Value:urn:oasis:names:tc:SAML:2.0:status:Success 
    - 
- 
saml:assertion .. 
    @xmlns:xsi:http://www.w3.org/2001/XMLSchema-instance 
    @xmlns:xs:http://www.w3.org/2001/XMLSchema 
    @ID:_ea810b23d9de66fc807e994cbe3ac9109fa420f7a2 
    @Version:2.0 
    @IssueInstant:2017-05-23T10:51:29Z 
    saml:issuerhttp://192.168.13.193:90/saml2/idp/metadata.php 
    - 
    ds:signature .. 
     @xmlns:ds:http://www.w3.org/2000/09/xmldsig# 
     ds:signedinfo .. 
      ds:canonicalizationmethod 
       @Algorithm:http://www.w3.org/2001/10/xml-exc-c14n# 
      - 
      ds:signaturemethod 
       @Algorithm:http://www.w3.org/2000/09/xmldsig#rsa-sha1 
      - 
      ds:reference .. 
       @URI:#_ea810b23d9de66fc807e994cbe3ac9109fa420f7a2 
       ds:transforms .. 
        ds:transform 
         @Algorithm:http://www.w3.org/2000/09/xmldsig#enveloped-signature 
        - 
        ds:transform 
         @Algorithm:http://www.w3.org/2001/10/xml-exc-c14n# 
        - 
       - 
       ds:digestmethod 
        @Algorithm:http://www.w3.org/2000/09/xmldsig#sha1 
       - 
       ds:digestvaluee32yH7wlMxxjWvbxLJIyofq5NkM= 
       - 
      - 
     - 
     ds:signaturevalueMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMahJMgelN7o5x1D QNEBHJy4cNxgAVF8eDuGIBhoMTZqUPPxYfATdhJgd1UbW7NookbBQ/tGkdWfIWxC gjolyYN8tkldqXH2qbStYm2NL4cPz6jS4Ttwz+iOnzqvcEge6l4uB22Fk3RuQDdt 5zQTAYpvj/yWQQE+JaKnBGsRq4PvAgMBAAECgYAZAdK6qzb89X+bbIsthSFQDdyP sjqYQr50aAeEayG/AxWcEMjOy/RyjdiYS3B5HvRHSi+/4/uaVIWFtr3kijtbbMAg bx99hJOntr41sbkUHDGuv3AFkytakiPyTRNU43EX8q8yWbn/TcmQ67yVtY8Qgmrx /5PwZudjjPYuCK6Z8QJBAORnz+zn5tryLYvDPEAFvM0Tn/l+RGFNL+8pfyQUMtS0 xq08ipiV1Ucq0Pj2jl7G3LmpTXqlybUM1/SEZL1dqScCQQDeoGjlQ1ar3GDc/lZh VmlTRzC+3bSoaWFsR/RqU+yfAWSgX4Ci05Rslksk4DhskJ61s2pORkxEIZ7IqVI5 ejv5AkEAmPWQwHW5G21N5Sg1RCbTfn8jBiFyR7s6W67tj0rbk6kQ2FkP9Al7kDJz ShdL1trUXJ2t3nICd/YG9aBoGo0LxwJBAJloH+AbjtXOflDKUeuxB9MC82wSijKi qydaTeoW+q5230hDhviso1JQHmfCuh7VaQf8IfzeJB+uqyPKyYYh3MECQEQiL+vE eegd4tA/zSthXcxBckLS3vwM0y4NlS401QFqiXhFzeVtn4KJYzAL4tD3G/ugBcWu 0t25UmbhOhNeJi0= 
     - 
     ds:keyinfo .. 
      ds:x509data .. 
       ds:x509certificateMIID6TCCAtGgAwIBAgIJAPTBIH87zmSFMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYDVQQGEwJRMzEQMA4GA1UECAwHSGFyeWFuYTEQMA4GA1UEBwwHR3VyZ2FvbjEUMBIGA1UECgwLUTMgSW5mb3RlY2gxEzARBgNVBAsMCk9wZW5Tb3VyY2UxCzAJBgNVBAMMAlEzMR8wHQYJKoZIhvcNAQkBFhBhZG1pbkBxM3RlY2guY29tMB4XDTE3MDUxNjA2MDE1N1oXDTI3MDUxNjA2MDE1N1owgYoxCzAJBgNVBAYTAlEzMRAwDgYDVQQIDAdIYXJ5YW5hMRAwDgYDVQQHDAdHdXJnYW9uMRQwEgYDVQQKDAtRMyBJbmZvdGVjaDETMBEGA1UECwwKT3BlblNvdXJjZTELMAkGA1UEAwwCUTMxHzAdBgkqhkiG9w0BCQEWEGFkbWluQHEzdGVjaC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBDrv//A+GV+jbnW9OIhRPM2i//gz5jnlRXMW4rxSKSnKWjxcURc7oRM284IZ2y8jgAJoMoHJQeumMg0QxPwGxoYEHTLuK9ulisE3LAlJA1od0m/YSSyeY3ZrWXS0TKR1Ehvi9jjzoecrPXdFGTQeeIIs+n/o3iMl8r+KSa0ykAuVW8HTQ4vBwATEQ6KbtxU1mxsOuTBb4RKkDZxoOJfLvkW+lv3eh1IlAMLy98xp9pFHnrfwZRL65m7fsUPh9/gCSlm6nGDnSydEHXRJ1znHbf7+D3d+FNphTXX8F3pNOXbhcge1aSAbUtx1hl8tQRpYVIUVpyTZcceniAkQHljohAgMBAAGjUDBOMB0GA1UdDgQWBBTVWhOSWEpJY3P6j8fiqCcfJzstTjAfBgNVHSMEGDAWgBTVWhOSWEpJY3P6j8fiqCcfJzstTjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBDgy7ch6bCFYUNf5Jjqv3NCFqvouq3yYTmu0GBuuttJVp/s8of4mu6RpUZCrvq3UP6tkMrNEeqKcniM9rUs4tLDPJgyZwh6gZFmDoXc4ODcSrdRfzASU1bh16AhIMp18fQ3PQupO+hjU25eDmgPAvB9L0TuiTocsUvTx0K/Ri/fBtcIbTSqrRX80YZ/8JzgQGr1i0sSAX0l4/zm3dkrYLDD+/JI0bwd4Z3kzBRXQETVHaLA30bD84LQLHNVJkybrfrOrLvfdsqjcmD16HF4nMFJeP7K2Ab93tEkeO9NNbD3XRpOSSCxMMIuqgSMgm7WFuXVPmCQrIBsXJa/ziAPqdR 
       - 
      - 
     - 
    - 
    saml:subject .. 
     saml:nameiddigupta 
      @SPNameQualifier:google.com 
      @Format:urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress 
     - 
     saml:subjectconfirmation .. 
      @Method:urn:oasis:names:tc:SAML:2.0:cm:bearer 
      saml:subjectconfirmationdata 
       @NotOnOrAfter:2017-05-23T10:56:29Z 
       @Recipient:https://www.google.com/a/q3web.xyz/acs 
       @InResponseTo:adkcgeadlnldphjjmkibfopehpmpomapchiamhip 
      - 
     - 
    - 
    saml:conditions .. 
     @NotBefore:2017-05-23T10:50:59Z 
     @NotOnOrAfter:2017-05-23T10:56:29Z 
     saml:audiencerestriction .. 
      saml:audiencegoogle.com 
      - 
     - 
    - 
    saml:authnstatement .. 
     @AuthnInstant:2017-05-23T10:51:29Z 
     @SessionNotOnOrAfter:2017-05-23T18:51:29Z 
     @SessionIndex:_6a77305f32a09a41f85496e25ed10a418f5245a9d0 
     saml:authncontext .. 
      saml:authncontextclassrefurn:oasis:names:tc:SAML:2.0:ac:classes:Password 

繼電器狀態值爲： 'https://www.google.com/a/q3web.xyz/ServiceLogin?service=analytics&passive=true&rm=false&continue=https%3A%2F%2Fanalytics.google.com&ss=1&ltmpl=default&ltmplcache=2&emr=1&osid=1'

在試圖訪問谷歌的套房，我得到的迴應： 「 G Suite - 此帳戶無法訪問，因爲我們無法解析登錄請求。「

任何幫助，將不勝感激。

Answer 1

我不是電腦人，對編碼一無所知，但在設置了我的大學贊助的Gmail帳戶之後，我收到了同樣的「解析登錄」錯誤，無論我使用的是哪種瀏覽器或設備。在閱讀了十幾個討論編碼問題，Shibboleth不兼容，設備不兼容等問題的論壇之後，我瞭解到，只需清除瀏覽器緩存和Cookie即可解決問題。有人告訴我，這與我現有的登錄憑證有關，因爲這會影響訪問Gmail作爲新目的地的方式。我還被告知，每次我在大學更改主密碼時，我都會同樣清除我的緩存和Cookie，以便成功登錄我的大學贊助的Gmail。這不是對你的問題的直接回答，但也許這裏提供了一些線索給你的神祕。祝你好運。