- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我在实现 Ping Federate 时遇到此问题
Error - Single Sign-On
Single sign-on authentication was unsuccessful (reference # TAELHKAD).
Please contact your system administrator for assistance regarding this error.
Partner: localhost:default:entityId
Target Resource: http://sp-connection.com
但是服务器日志没有显示任何错误消息/指示:
16:32:32,854 DEBUG [IntegrationControllerServlet] GET: https://localhost:9031/idp/startSSO.ping
16:32:32,856 DEBUG [IdpAdapterSupportBase] IdP Adapter Selection disabled, performing legacy adapter selection.
16:32:32,859 DEBUG [InterReqStateMgmtMapImpl] Object removeAttr(key: null, name: NUMBER_OF_ATTEMPTS): null
16:32:32,860 DEBUG [AttributeMap] Ignoring attempt to add null value to attribute map for context.TargetResource
16:32:32,860 DEBUG [AttributeMapping] Source attributes:{not-before=2014-05-26T10:47:32Z, authnContext=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, subject=joe, userId=joe, context.AuthenticationCtx=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, context.ClientIp=127.0.0.1, not-on-or-after=2014-05-26T10:52:32Z, renew-until=2014-05-26T22:47:32Z, password=test, context.HttpRequest=/idp/startSSO.ping} Resulting attributes:{SAML_SUBJECT=joe}
16:32:32,862 DEBUG [TrackingIdSupport] [cross-reference-message] PFSessionXRefID:MzqNiwww3_exb1uk7K60oH69Wzx
16:32:32,863 DEBUG [IdpSessionRegistryMapImpl] registerSessionIssued: authnbean a6fff81d8b37477eb3f90824fdc8f2d3adb847c2 | assertion id MzqNiwww3_exb1uk7K60oH69Wzx
16:32:32,863 DEBUG [IdpSessionRegistryMapImpl] registerAuthnBean IdpHashableAuthnBean: a6fff81d8b37477eb3f90824fdc8f2d3adb847c2 with session id PedsaJJVNrmTayLjKvIOvz. Session now has 15 beans associated with it.
16:32:32,863 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:sbwb-ppc-idp subject:joe
16:32:32,885 DEBUG [LoggingInterceptor] Transported Response. OutMessageContext:
OutMessageContext
XML: <samlp:Response Version="2.0" ID="pvQGJNnQ3P22J_J_uBSMckj1jVd" IssueInstant="2014-05-26T10:47:32.856Z" Destination="https://localhost:9031/sp/ACS.saml2" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pvQGJNnQ3P22J_J_uBSMckj1jVd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xPhSc53rXySUbxdfq0vHG0pvuq4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qoEICv2FFgDuif8G0KVli2KWykvLbnu4jzIZRViS4WAyPuVKaxHik0Zg6cp5yX0ns4PRjcGH4KZP
UkZTMZ5P3mLOAgvy7AUX02vsQSs9hFqNlmDbgH7r9c3UyIdl4OGf/FC1Rcse7Z5FIfkJnUc9yu5q
AE9Dl7CsWNe0uzbLpkQ=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="MzqNiwww3_exb1uk7K60oH69Wzx" IssueInstant="2014-05-26T10:47:32.861Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://localhost:9031/sp/ACS.saml2" NotOnOrAfter="2014-05-26T10:52:32.861Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-05-26T10:42:32.861Z" NotOnOrAfter="2014-05-26T10:52:32.861Z">
<saml:AudienceRestriction>
<saml:Audience>sbwb-ppc-idp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="MzqNiwww3_exb1uk7K60oH69Wzx" AuthnInstant="2014-05-26T10:47:32.860Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
entityId: sbwb-ppc-idp (SP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Endpoint: https://localhost:9031/sp/ACS.saml2
SignaturePolicy: BINDING_DEFAULT
16:32:32,942 DEBUG [ProtocolControllerServlet] ---REQUEST (POST)/sp/ACS.saml2 from 127.0.0.1:
---PARAMETERS---
SAMLResponse:
PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9InB2UUdKTm5RM1AyMkpfSl91QlNNY2tqMWpWZCIgSXNzdWVJbnN0YW50PSIyMDE0LTA1LTI2VDEwOjQ3OjMyLjg1NloiIERlc3RpbmF0aW9uPSJodHRwczovL2xvY2FsaG9zdDo5MDMxL3NwL0FDUy5zYW1sMiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmxvY2FsaG9zdDpkZWZhdWx0OmVudGl0eUlkPC9zYW1sOklzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4KPGRzOlNpZ25lZEluZm8+CjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiNwdlFHSk5uUTNQMjJKX0pfdUJTTWNrajFqVmQiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz4KPGRzOkRpZ2VzdFZhbHVlPnhQaFNjNTNyWHlTVWJ4ZGZxMHZIRzBwdnVxND08L2RzOkRpZ2VzdFZhbHVlPgo8L2RzOlJlZmVyZW5jZT4KPC9kczpTaWduZWRJbmZvPgo8ZHM6U2lnbmF0dXJlVmFsdWU+CnFvRUlDdjJGRmdEdWlmOEcwS1ZsaTJLV3lrdkxibnU0anpJWlJWaVM0V0F5UHVWS2F4SGlrMFpnNmNwNXlYMG5zNFBSamNHSDRLWlAKVWtaVE1aNVAzbUxPQWd2eTdBVVgwMnZzUVNzOWhGcU5sbURiZ0g3cjljM1V5SWRsNE9HZi9GQzFSY3NlN1o1Rklma0puVWM5eXU1cQpBRTlEbDdDc1dOZTB1emJMcGtRPQo8L2RzOlNpZ25hdHVyZVZhbHVlPgo8L2RzOlNpZ25hdHVyZT48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gSUQ9Ik16cU5pd3d3M19leGIxdWs3SzYwb0g2OVd6eCIgSXNzdWVJbnN0YW50PSIyMDE0LTA1LTI2VDEwOjQ3OjMyLjg2MVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6SXNzdWVyPmxvY2FsaG9zdDpkZWZhdWx0OmVudGl0eUlkPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5qb2U8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBSZWNpcGllbnQ9Imh0dHBzOi8vbG9jYWxob3N0OjkwMzEvc3AvQUNTLnNhbWwyIiBOb3RPbk9yQWZ0ZXI9IjIwMTQtMDUtMjZUMTA6NTI6MzIuODYxWiIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE0LTA1LTI2VDEwOjQyOjMyLjg2MVoiIE5vdE9uT3JBZnRlcj0iMjAxNC0wNS0yNlQxMDo1MjozMi44NjFaIj48c2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sOkF1ZGllbmNlPnNid2ItcHBjLWlkcDwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBTZXNzaW9uSW5kZXg9Ik16cU5pd3d3M19leGIxdWs3SzYwb0g2OVd6eCIgQXV0aG5JbnN0YW50PSIyMDE0LTA1LTI2VDEwOjQ3OjMyLjg2MFoiPjxzYW1sOkF1dGhuQ29udGV4dD48c2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZDwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
16:32:32,942 DEBUG [BindingFactory] POST
with Params: [SAMLResponse]
assume binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
from: 127.0.0.1
Referer: https://localhost:9031/idp/startSSO.ping?PartnerSpId=sbwb-ppc-idp&IdpAdapterId=sbwbinstance&opentoken=T1RLAQJ-xGLJVNYpt6wbFuBEdkTdV_H7ExDDab6qMWCtnsV-8a8MiZQoAACgJ8IrzSTee9EIMxp11drk1ECkiKk5ogNZpGTfMN64-QOJsNBdeMKeU-L3-iD0HjNKDFOoTFVbhtUr20WUp22RVpp8KtvErnHQ984ZAj9AD5h4DU_OVA1cpDDcF9zZVqC_EpLZkUoK3vH9oj5B0cBpIM7QpIOVys4YZXx6-83C7RgpoWg7nAFK_Yx0JtnrS7Nd-bc8EVcVIdSUhVcsSxBAnQ**
AuthType: null
Content-Type: application/x-www-form-urlencoded
16:32:32,955 DEBUG [LoggingInterceptor] Received InMessageContext:
InMessageContext
XML: <samlp:Response Version="2.0" ID="pvQGJNnQ3P22J_J_uBSMckj1jVd" IssueInstant="2014-05-26T10:47:32.856Z" Destination="https://localhost:9031/sp/ACS.saml2" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pvQGJNnQ3P22J_J_uBSMckj1jVd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xPhSc53rXySUbxdfq0vHG0pvuq4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qoEICv2FFgDuif8G0KVli2KWykvLbnu4jzIZRViS4WAyPuVKaxHik0Zg6cp5yX0ns4PRjcGH4KZP
UkZTMZ5P3mLOAgvy7AUX02vsQSs9hFqNlmDbgH7r9c3UyIdl4OGf/FC1Rcse7Z5FIfkJnUc9yu5q
AE9Dl7CsWNe0uzbLpkQ=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="MzqNiwww3_exb1uk7K60oH69Wzx" IssueInstant="2014-05-26T10:47:32.861Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://localhost:9031/sp/ACS.saml2" NotOnOrAfter="2014-05-26T10:52:32.861Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-05-26T10:42:32.861Z" NotOnOrAfter="2014-05-26T10:52:32.861Z">
<saml:AudienceRestriction>
<saml:Audience>sbwb-ppc-idp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="MzqNiwww3_exb1uk7K60oH69Wzx" AuthnInstant="2014-05-26T10:47:32.860Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
entityId: localhost:default:entityId (IDP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SignatureStatus: VALID
Binding says to sign: true
16:32:32,965 WARN [AudienceEvaluator] no protocol: sbwb-ppc-idp when checking audience sbwb-ppc-idp against https://localhost:9031
16:32:32,966 WARN [ValidateWebSsoResponse] Invalid assertion
Assertion (MzqNiwww3_exb1uk7K60oH69Wzx) Status: INVALID
Remarks:
Assertion audience condition validation failed, expecting localhost:default:entityId or a URL with the same hostname as the base URL (https://localhost:9031) in all audience restriction conditions.
16:32:32,967 DEBUG [TrackingIdSupport] [cross-reference-message] entityid:null subject:null
16:32:32,968 WARN [HandleAuthnResponse] Invalid response: InMessageContext
XML: <samlp:Response Version="2.0" ID="pvQGJNnQ3P22J_J_uBSMckj1jVd" IssueInstant="2014-05-26T10:47:32.856Z" Destination="https://localhost:9031/sp/ACS.saml2" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pvQGJNnQ3P22J_J_uBSMckj1jVd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xPhSc53rXySUbxdfq0vHG0pvuq4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qoEICv2FFgDuif8G0KVli2KWykvLbnu4jzIZRViS4WAyPuVKaxHik0Zg6cp5yX0ns4PRjcGH4KZP
UkZTMZ5P3mLOAgvy7AUX02vsQSs9hFqNlmDbgH7r9c3UyIdl4OGf/FC1Rcse7Z5FIfkJnUc9yu5q
AE9Dl7CsWNe0uzbLpkQ=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="MzqNiwww3_exb1uk7K60oH69Wzx" IssueInstant="2014-05-26T10:47:32.861Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://localhost:9031/sp/ACS.saml2" NotOnOrAfter="2014-05-26T10:52:32.861Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-05-26T10:42:32.861Z" NotOnOrAfter="2014-05-26T10:52:32.861Z">
<saml:AudienceRestriction>
<saml:Audience>sbwb-ppc-idp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="MzqNiwww3_exb1uk7K60oH69Wzx" AuthnInstant="2014-05-26T10:47:32.860Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
entityId: localhost:default:entityId (IDP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SignatureStatus: VALID
Binding says to sign: true
-------------------------------------
(reference# RMCQDOUY) Response contains no valid assertions: [
Assertion (MzqNiwww3_exb1uk7K60oH69Wzx) Status: INVALID
Remarks:
Assertion audience condition validation failed, expecting localhost:default:entityId or a URL with the same hostname as the base URL (https://localhost:9031) in all audience restriction conditions. ]. InMessageContext
XML: <samlp:Response Version="2.0" ID="pvQGJNnQ3P22J_J_uBSMckj1jVd" IssueInstant="2014-05-26T10:47:32.856Z" Destination="https://localhost:9031/sp/ACS.saml2" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">localhost:default:entityId</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pvQGJNnQ3P22J_J_uBSMckj1jVd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xPhSc53rXySUbxdfq0vHG0pvuq4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>qoEICv2FFgDuif8G0KVli2KWykvLbnu4jzIZRViS4WAyPuVKaxHik0Zg6cp5yX0ns4PRjcGH4KZP
UkZTMZ5P3mLOAgvy7AUX02vsQSs9hFqNlmDbgH7r9c3UyIdl4OGf/FC1Rcse7Z5FIfkJnUc9yu5q
AE9Dl7CsWNe0uzbLpkQ=</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="MzqNiwww3_exb1uk7K60oH69Wzx" IssueInstant="2014-05-26T10:47:32.861Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>localhost:default:entityId</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">joe</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://localhost:9031/sp/ACS.saml2" NotOnOrAfter="2014-05-26T10:52:32.861Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-05-26T10:42:32.861Z" NotOnOrAfter="2014-05-26T10:52:32.861Z">
<saml:AudienceRestriction>
<saml:Audience>sbwb-ppc-idp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="MzqNiwww3_exb1uk7K60oH69Wzx" AuthnInstant="2014-05-26T10:47:32.860Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
entityId: localhost:default:entityId (IDP)
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SignatureStatus: VALID
Binding says to sign: true
-------------------------------------
我有以下配置:
data.zip
作为 PF 的基础。我被困在这个协议(protocol)端点:https://localhost:9031/sp/ACS.saml2
问题
任何提示/线索将不胜感激。谢谢。
最佳答案
server.log 指出错误是什么:
16:32:32,965 WARN [AudienceEvaluator] no protocol: sbwb-ppc-idp when checking audience sbwb-ppc-idp against https://localhost:9031
16:32:32,966 WARN [ValidateWebSsoResponse] Invalid assertion
Assertion (MzqNiwww3_exb1uk7K60oH69Wzx) Status: INVALID
Remarks:
Assertion audience condition validation failed, expecting localhost:default:entityId or a URL with the same hostname as the base URL (https://localhost:9031) in all audience restriction conditions.
SAML 响应已正确生成,但您的 SP 期望的受众值与您发送的受众值不同。您的 IDP 生成的受众值为:
<saml:Audience>sbwb-ppc-idp</saml:Audience>
但它期望收到localhost:default:entityId
我注意到您现在已经打开了一些有关基本设置的案例。您是否已与您的 Ping 解决方案架构师联系以帮助回答其中一些问题?
关于single-sign-on - Ping 联邦 : Single sign-on authentication was unsuccessful,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23868629/
我们有一个客户想要通过他们的 CRM 数据库并以某种方式确定有效的电话号码,而实际上没有人坐在那里尝试给他们打电话。 有没有办法在电话号码(包括固定电话)上做类似于“ping”的事情? 最佳答案 您将
我知道 ICMP 请求包含 IP 地址。客户端 MAC 地址是否包含在 ICMP 请求中? ping 请求中包含哪些其他信息(如果有)? 最佳答案 ICMP“ping”数据包,正式称为“echo re
据我所知,Ping 命令使用 ICMP 请求 那么是否可以直接从命令行发送带有 ping 命令的短文本? 最佳答案 怎么样ping -p pattern ?请记住,并非所有版本的 ping支持 -p选
我有一个需要持续网络监控的 Android 应用程序,我需要在有互联网和没有互联网时收到通知。我试过 Android 连接管理器,它只告诉互联网 wifi 是否已连接,但不告诉是否有可达性。所以我
我需要检查延迟的服务器拒绝 PING 请求,是否有另一种方法来检查我到服务器的延迟?提前致谢。 最佳答案 使用基于 TCP 的 ping。 如果您可以访问 Windows 框,请使用 http://t
我在 Linux 系统上不允许使用“ping”应用程序(ping:icmp 打开套接字:不允许操作)。但是,我正在编写的脚本(PHP,但如果需要,我可以对任何脚本/程序使用 exec() 调用)需要确
我想创建将通过 ping IP 列表进行验证的 bash 脚本 问题是尽管我将 ping 定义如下,但 ping 到任何地址都需要几秒钟(以防没有 ping 应答): Ping –c 1 126.7
最近几周我做了相当多的研究试图创建一个连接诊断工具,我不太想只检查连接是否可用而是诊断是否存在抖动、数据包丢失等.. 到目前为止,Java 似乎不支持真正的 ICMP 请求,并且有一些解决方法,但没有
我有一个域名要测试。 Ping 约为 20 毫秒。 “HTTP HEAD”约为 500 毫秒。 为什么他们之间有这么大的区别?这是服务器端的问题吗?是不是差别太大了? 25 次。 最佳答案 好吧,首先
我想在 ping 主机后获取 ping 执行时间和结果字符串。我该怎么做? 最佳答案 long currentTime = System.currentTimeMillis(); boolean is
我有以下代码: $Servers = "8.8.8.8" $TimeStart = Get-Date $TimeEnd = $TimeStart.AddMinutes(1) Do { Fore
例如,我输入 ping www.domain.com,我想要的输出如下: 64 bytes from yyy.xxx.com (www.domain.com): icmp_seq=32 ttl=52
在某些设备上,二进制 /system/bin/ping 似乎已被删除。当我通过 USB 连接设备并输入 adb shell ping 它说: /system/bin/sh: ping: not fou
您好,我需要使用 Java 代码执行 PING 命令并获取 ping 主机的摘要。如何用 Java 实现? 最佳答案 按照 viralpatel 的规定,您可以使用 Runtime.exec() 下面
我正在学习 C 中的 ping 实现。问题是,我使用原始套接字来接收数据包。对于所有数据包,我们在 ICMP header 中都有一个标识值。 我在多个终端运行ping。 例如,我在三个终端中运行三个
例如在Windows 7下命令的输出 ping -n 1 ::1 正在关注: Pinging ::1 with 32 bytes of data: Reply from ::1: time<1ms P
我正在制作一个 bash 脚本来配置我们使用的一些设备,但我试图在其中进行登录,换句话说.. 当脚本开始检查日期、时间、用户和其他值,然后 > 这个值到远程服务器中的 csv。 我需要 ping 来检
概念上的区别是什么?是的,我意识到它们都应该产生相似的结果,但我认为环回的想法是它实际上并没有到达堆栈的传输步骤。如果那是真的那么为什么 ping 你自己的 ip 工作得那么快? ping 您自己的地
我正在尝试连接到 Java 中的 URL,看看它们是否有效,我想知道是否需要连接到 HTTPS(端口 443?)或者仅连接到 HTTP(端口 80)就足够了。 连接到 HTTPS 网站是否有效?我应该
我正在尝试 ping 从 192.168.1.1 到 192.168.1.254 的 IP 地址。首先,我使用 InetAddress 类,但它被窃听了,有些 IP 即使可以访问也无法访问。之后我尝试
我是一名优秀的程序员,十分优秀!