Thanks Ishara, setting the random number in config solved the issue.
On Tue, Jan 14, 2014 at 3:19 PM, Pradeep Fernando <[email protected]> wrote:
> Hi Ishara,
>
> Thanks for the patch. :)
> Audience restriction is working fine. However, claims seem to be not
> working. I am using IS 4.6.0.
>
> Below is my config and the SAML response I'm getting. Is something wrong with
> my config?
>
> <SSOIdentityProviderConfig>
>   <ServiceProviders>
>     <ServiceProvider>
>       <Issuer>console</Issuer>
>       <AssertionConsumerService>
>         https://localhost:9443/console/controllers/acs.jag
>       </AssertionConsumerService>
>       <UseFullyQualifiedUsernameInNameID>true</UseFullyQualifiedUsernameInNameID>
>       <SignResponse>true</SignResponse>
>       <SignAssertion>true</SignAssertion>
>       <EnableAttributeProfile>true</EnableAttributeProfile>
>       <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
>       <Claims>
>         <Claim>http://wso2.org/claims/role</Claim>
>       </Claims>
>       <EnableAudienceRestriction>true</EnableAudienceRestriction>
>       <AudiencesList>
>         <Audience>https://localhost:9445/oauth2/token</Audience>
>       </AudiencesList>
>     </ServiceProvider>
>   </ServiceProviders>
> </SSOIdentityProviderConfig>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <saml2:Assertion ID="onegflcglhkcgcolageajagijpgjippfganmfokm"
>     IssueInstant="2014-01-14T09:44:54.303Z" Version="2.0"
>     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>   <saml2:Issuer
>       Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
>     https://localhost:9443/samlsso
>   </saml2:Issuer>
>   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>     <ds:SignedInfo>
>       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>       <ds:Reference URI="#onegflcglhkcgcolageajagijpgjippfganmfokm">
>         <ds:Transforms>
>           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>         </ds:Transforms>
>         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         <ds:DigestValue>vACM+j+xfTOYkFy9CtFCgeJtSqM=</ds:DigestValue>
>       </ds:Reference>
>     </ds:SignedInfo>
>     <ds:SignatureValue>
>       jCwg4vqYMQePr4HGbyYQ2WPn0bS7qKJ/iuIn/f/zHwBiou/ibfTbdshp3IJkXH3bfcqeNB5SMbFpYtvUNNsYAzfmv0spltizUuiy415KiPy1Z/71tvLlTkpuw4MarPAOC3vayQIohMRu9Vp8t/dp6hSEj+WBtHOXz8/lxffSM10=
>     </ds:SignatureValue>
>     <ds:KeyInfo>
>       <ds:X509Data>
>         <ds:X509Certificate>
>           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
>         </ds:X509Certificate>
>       </ds:X509Data>
>     </ds:KeyInfo>
>   </ds:Signature>
>   <saml2:Subject>
>     <saml2:NameID
>         Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml2:NameID>
>     <saml2:SubjectConfirmation
>         Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>       <saml2:SubjectConfirmationData
>           InResponseTo="opllinmaahdgflfgilgkfmpoeijeknbnoclojbin"
>           NotOnOrAfter="2014-01-14T09:49:54.303Z"
>           Recipient="https://localhost:9443/console/controllers/acs.jag"/>
>     </saml2:SubjectConfirmation>
>   </saml2:Subject>
>   <saml2:Conditions NotBefore="2014-01-14T09:44:54.303Z"
>       NotOnOrAfter="2014-01-14T09:49:54.303Z">
>     <saml2:AudienceRestriction>
>       <saml2:Audience>console</saml2:Audience>
>       <saml2:Audience>https://localhost:9445/oauth2/token
>       </saml2:Audience>
>     </saml2:AudienceRestriction>
>   </saml2:Conditions>
>   <saml2:AuthnStatement AuthnInstant="2014-01-14T09:44:54.309Z"
>       SessionIndex="f12b0e77-6ff6-4c31-8b57-d28f82820555">
>     <saml2:AuthnContext>
>       <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
>     </saml2:AuthnContext>
>   </saml2:AuthnStatement>
> </saml2:Assertion>
>
> On Tue, Jan 14, 2014 at 2:36 PM, Ishara Karunarathna <[email protected]> wrote:
>
>> Hi Pradeep,
>>
>> On Fri, Jan 10, 2014 at 5:15 PM, Pradeep Fernando <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> we can register SPs via sso-idp-config.xml. However we can't configure
>>> things such as audience restrictions/etc.
>>>
>> I have created
>> org.wso2.stratos.identity.saml2.sso.mgt. 2.2.1
>> org.wso2.stratos.identity.saml2.sso.mgt.ui 2.2.1
>> components with adding the missing configurations.
>>
>>>
>>> We are in need of the functionality for stratos upcoming release. Is it
>>> possible to sync up the config file capabilities with that of UI. IMHO, we
>>> should move the functionality to identity component.
>>>
>> Yes we will check possibility of adding these components under identity
>> components with next IS release
>>
>>>
>>> thanks,
>>> --Pradeep
>>>
>> Thanks,
>> Ishara
>> --
>> Ishara Karunarathna
>> Software Engineer
>> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>>
>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94 718211678
>>
>
> --
> *Pradeep Fernando*
> Associate Technical Lead;WSO2 Inc.; http://wso2.com
>
> blog: http://pradeepfernando.blogspot.com
> m: +94776603662
>

--
*Pradeep Fernando*
Associate Technical Lead;WSO2 Inc.; http://wso2.com
blog: http://pradeepfernando.blogspot.com
m: +94776603662
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
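
One way to check an assertion like the one quoted above against what the service provider entry configures (audiences and claims), as an added example that is not part of the original thread or of WSO2's code. The function name `inspect_assertion` and the trimmed `SAMPLE` are assumptions made for illustration; the check reads the XML only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the quoted assertion trimmed to the parts being checked
# (signature, subject and authn statement omitted).
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="example" IssueInstant="2014-01-14T09:44:54.303Z" Version="2.0">
  <saml2:Issuer>https://localhost:9443/samlsso</saml2:Issuer>
  <saml2:Conditions NotBefore="2014-01-14T09:44:54.303Z"
      NotOnOrAfter="2014-01-14T09:49:54.303Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>console</saml2:Audience>
      <saml2:Audience>https://localhost:9445/oauth2/token
      </saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def inspect_assertion(xml_text, expected_audiences, expected_claims):
    """Report which expected audiences and claim URIs the assertion lacks."""
    # The stdlib parser expands internal entities, so refuse any DTD up front.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in a SAML assertion")
    root = ET.fromstring(xml_text)
    # Audience text may carry line-wrap whitespace, as in the quoted response.
    audiences = {
        (a.text or "").strip()
        for a in root.iterfind(".//saml2:AudienceRestriction/saml2:Audience", NS)
    }
    claims = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        claims[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.iterfind("saml2:AttributeValue", NS)
        ]
    return {
        "audiences": sorted(audiences),
        "missing_audiences": sorted(set(expected_audiences) - audiences),
        "has_attribute_statement": bool(claims)
        or root.find(".//saml2:AttributeStatement", NS) is not None,
        "claims": claims,
        "missing_claims": sorted(set(expected_claims) - set(claims)),
    }
```

Run against the sample with the audiences and the `http://wso2.org/claims/role` claim from the quoted config, it reports both audiences present and the role claim missing because the assertion has no `AttributeStatement`.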
