1. 首页
  2. 问答
  3. Google SAML SSO:此帐户无法访问,因为无法验证登录凭证

Google SAML SSO:此帐户无法访问,因为无法验证登录凭证

2015-12-28 91 views
0

我一直在尝试使用SAML为我们公司验证Google应用。但我总是得到“此帐户无法访问,因为登录凭证无法验证。”看来我的签名是正确的,因为我有它测试了https://www.samltool.com/validate_response.phpGoogle SAML SSO:此帐户无法访问,因为无法验证登录凭证

响应:

<?xml 
version="1.0" 
encoding="UTF-8"?> 
<samlp:Response 
    ID="_fc7fc038e01043acd7d4" 
    IssueInstant="2015-12-28T04:57:37.087Z" 
    Version="2.0" 
    Destination="https://www.google.com/a/sellyx.com/acs" 
    InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej" 
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> 
    <ds:Signature 
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod 
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
      <ds:SignatureMethod 
       Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
      <ds:Reference 
       URI="#_fc7fc038e01043acd7d4"> 
       <ds:Transforms> 
        <ds:Transform 
         Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
       </ds:Transforms> 
       <ds:DigestMethod 
        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
       <ds:DigestValue> 
        m0Lhn42KcGeOXuTdzMRY93MsPNY= 
       </ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/ 
      U6l8= 
     </ds:SignatureValue> 
    </ds:Signature> 
    <samlp:Status> 
     <samlp:StatusCode 
      Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> 
    </samlp:Status> 
    <Assertion 
     ID="_bba47c30283081e8468c" 
     IssueInstant="2003-04-17T00:46:02Z" 
     Version="2.0" 
     xmlns="urn:oasis:names:tc:SAML:2.0:assertion"> 
     <Issuer>https://auth.sellyx.com/IDP</Issuer> 
     <Subject> 
      <NameID 
       Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected] 
      </NameID> 
      <SubjectConfirmation 
       Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
       <SubjectConfirmationData 
        Recipient="https://www.google.com/a/sellyx.com/acs" 
        NotOnOrAfter="2015-12-28T05:00:57.087Z" 
        InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/> 
      </SubjectConfirmation> 
     </Subject> 
     <Conditions 
      NotBefore="2015-12-28T04:54:17.087Z" 
      NotOnOrAfter="2015-12-28T05:00:57.087Z"> 
      <AudienceRestriction> 
       <Audience>https://www.google.com/a/sellyx.com/acs</Audience> 
      </AudienceRestriction> 
     </Conditions> 
     <AuthnStatement 
      AuthnInstant="2015-12-28T04:57:37.087Z"> 
      <AuthnContext> 
       <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef> 
      </AuthnContext> 
     </AuthnStatement> 
    </Assertion> 
</samlp:Response>

来源

2015-12-28 Baiyu Liu

回答

0

添加另一个信封签名变换,然后解决问题。

来源

2015-12-28 06:13:58

+0

我得到相同的错误。当您说“添加另一个封套签名转换”时,您可否详细说明一下? –

相关问题

 相关问题