Hi IS team,
I have configured a SAML SSO service provider (travelocity.com) in tenant
mode (ymc.com). My IS is running in a clustered environment at
https://mgt.is.wso2.com. When I sign in to travelocity.com, the
samlp:Issuer in the SAML AuthnRequest is as follows:
<samlp:Issuer xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">
[email protected]</samlp:Issuer>
However in the SAML Response to the authentication request the saml2:issuer
is as follows:
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>localhost</saml2:Issuer>
May I know why the saml2:Issuer is localhost here? Do I need any further
configuration to get it right? Could anyone please explain?
I have attached the full authentication request and response to this mail.
Thanks
--
*Nadeesha Meegoda*
Software Engineer - QA
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
email : [email protected]
mobile: +94783639540
<%2B94%2077%202273555>
<!-- SAML 2.0 AuthnRequest from the service provider, addressed to the IdP endpoint in Destination.
     Review notes on the attributes below:
     * No ds:Signature element appears in this request, so the IdP cannot authenticate it from the
       message alone; AssertionConsumerServiceURL should only be honoured when it matches the URL
       registered for the issuing service provider.
     * AssertionConsumerServiceURL is plain http on a private address, so the response is posted
       to the SP without transport protection.
     * ID="0" is a constant. SAML expects a unique, hard-to-guess identifier per request (and an
       xs:ID cannot start with a digit); with a fixed value the SP's InResponseTo check cannot
       tell a fresh response from a replayed one.
     * IsPassive="true" asks the IdP not to interact with the user; ForceAuthn="false" allows an
       existing IdP session to be reused. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="http://10.100.7.57:8080/travelocity.com/home.jsp"
Destination="https://mgt.is.wso2.com/samlsso"
ForceAuthn="false"
ID="0"
IsPassive="true"
IssueInstant="2015-09-30T05:06:21.512Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<!-- Issuer identifies the requesting SP. The samlp prefix is rebound here to the assertion
     namespace (it is the protocol namespace on the root), which is legal but easy to misread:
     the element is the assertion-namespace Issuer. The issuer text is obfuscated in this copy. -->
<samlp:Issuer
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">[email protected]</samlp:Issuer>
<!-- Requests a persistent NameID and allows the IdP to create one.
     NOTE(review): SPNameQualifier="Issuer" looks like an unreplaced placeholder rather than a
     real SP name; confirm against the SP configuration. -->
<saml2p:NameIDPolicy xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AllowCreate="true"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SPNameQualifier="Issuer"
/>
<!-- Comparison="exact" requires the authentication context to match the class listed below. -->
<saml2p:RequestedAuthnContext
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Comparison="exact"
>
<saml:AuthnContextClassRef
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
=======================================================================================================================================================================================================================================================================================================
<!-- SAML 2.0 Response returned to the SP's assertion consumer URL. InResponseTo echoes the
     request ID ("0"), and Destination is the same plain-http address the request supplied.
     The Response element is signed and carries a Success status with one EncryptedAssertion. -->
<saml2p:Response Destination="http://10.100.7.57:8080/travelocity.com/home.jsp"
ID="gfghoadfnhdhbcomgmpjilgmmboadnmdaecdlefj"
InResponseTo="0"
IssueInstant="2015-09-30T05:06:44.293Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<!-- Issuer carries the IdP's entity ID (Format is the entity name-identifier format), not the
     host the request was sent to.
     NOTE(review): "localhost" looks like a product default that was never overridden for this
     deployment or tenant; confirm in the IdP's own entity ID setting. A generic value like this
     is not unique to one deployment, so an SP's issuer comparison adds little assurance and
     trust rests entirely on the signing certificate. -->
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>localhost</saml2:Issuer>
<!-- Enveloped XML signature over the Response: the Reference URI below matches the Response ID.
     Both the signature method (rsa-sha1) and the digest method (sha1) rely on SHA-1, which is
     deprecated for signatures; a SHA-256 based method is the usual replacement. Whether the
     inner assertion carries its own signature cannot be seen here because it is encrypted. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#gfghoadfnhdhbcomgmpjilgmmboadnmdaecdlefj">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>tKX0VEZnBftZJ33SMNutpd/RBsw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>IdoxIs9L5S/cWI7PZ5vqiCFEbxd8298UkcBKs6/xWJm9JYCZblcdeWTzuf7W5/aKnMqAnjlqN7ryrEri9WDmi6dINsQQqzyBWoOuczpMsuKIcR0pw3i/DkzycLcLwdoij1oMZAtaA1a8211xcpSEAQpePOmAqLV4ujydLJi/zqI=</ds:SignatureValue>
<!-- The signing certificate travels inside the message. A verifier must check the signature
     against the IdP certificate it already trusts (from configuration or metadata); the
     embedded copy is only a hint and proves nothing on its own. -->
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<!-- The assertion is delivered encrypted: a symmetric key wrapped for the SP (EncryptedKey)
     protects the assertion ciphertext (outer CipherData). -->
<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_4b94240e5333393e22c9a5af92c820bb"
Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>
<!-- Content encryption is AES-256 in CBC mode, which provides no integrity protection of its
     own; an authenticated mode such as AES-GCM is the hardened choice where both sides support it. -->
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_c12bf1649af2d8dd6a076c3ab0e92896"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>
<!-- Key transport is RSA with PKCS#1 v1.5 padding (rsa-1_5), which is exposed to padding-oracle
     attacks when the recipient's decryption errors are observable; RSA-OAEP is the usual
     replacement. -->
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
/>
<xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>PUQ83Wj/kkZY3BcfRgsNEfMmmwlKiLWTakhhJWxZ1VsHqmKofgRq5/dYrvPWjV1ygXC2+XLoSjIoHj4d1i3xepFDPH1RryP9Ikis4JBdPCP8NUaI9+9hwmaG34KMedcBL9J20RkI7RodJWMjf9Pvt43C9K7F50Nzx6/fJG5BWgI=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>_______________________________________________