Hi Braden !
I tried yours instruction above: "SECURITY_CONFIG": {
"requestedAuthnContext": false }
It solved problem,maybe!
But has a new error!
An error occurred.
Authentication failed: SAML login failed: ['invalid_response'] (Invalid
issuer in the Assertion/Response)
<https://lh3.googleusercontent.com/-kTTdFJ6ZQeE/WB8Q6C9PfrI/AAAAAAAAAHM/7vauxQpmvV4EJWYCzgHKS0ma1l8dH27KACLcB/s1600/Capture.JPG>
This is my SAML response:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
Destination="http://sp-hcmut.vn:8000/auth/complete/tpa-saml/";
ID="_134b443dce67f1b4cd4645a37b65f9e4"
InResponseTo="ONELOGIN_12252ec510136316ce950f2a33382f110989a5a9"
IssueInstant="2016-11-06T10:55:57.966Z" Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_134b443dce67f1b4cd4645a37b65f9e4">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>/C9k4/6oD79YVjJ2UX8TJ/BtZhwsvQhUSVTf1vJ1hhQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
F8iyL6C+vUTrxkTAAdnyaXztmCZFqxaVkTURD7gb9cMxZlo6VuSS1eJFw7kOr1aLK3XM0qHELBKe
CiaaKUFS+14WcBwzgJj36WzzT2dB95cQMI47xFbTJN5nP8Yk6riJE7SR4NCAnMIn4dj9HgSBmhLH
K1D9b5zk72GRS4obOAb0Fuvz/dNFh4gOmxv4++wGdI1Bds4326VyloWJTMPgShJ4DFokLx9ldTz/
vNMHtWYN66OurK9Kf8Oxaqi+aj6Mdlv38YJXF1GsRHF3wQoeYmSFeESYJtY+eb+2nF6U7Z7h2lvL
fKHkjrDuF2CH2pH2fYAl0frufCgKr2JP0HB2/A==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG
A1UEAwwMaWRwLWhjbXV0LnZuMB4XDTE2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG
A1UEAwwMaWRwLWhjbXV0LnZuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6
7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y
s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI
JMnsSWfnnx2+eTi87/pYudVmRs6/YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/
C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9
mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman
RKfg5o4wPAYDVR0RBDUwM4IMaWRwLWhjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv
c2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr
G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW
45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa
ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg
g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M
2Q==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status><saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_bc6eb3862cd6b26297f3518e4fe42403"
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<xenc:EncryptedKey Id="_3acb09cb5c3e9ecb5f7cae320ac842ea"
Recipient="http://sp-hcmut.vn:8000";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIC1jCCAj+gAwIBAgIJALbKmuXGyV3TMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYDVQQGEwJWSTEM
MAoGA1UECAwDSENNMQwwCgYDVQQHDANIQ00xDjAMBgNVBAoMBUhDTVVUMQwwCgYDVQQLDANlZHgx
DjAMBgNVBAMMBUhDTVVUMSowKAYJKoZIhvcNAQkBFhs0MTIwNDIxOXRoZXRydW9uZ0BnbWFpbC5j
b20wHhcNMTYxMDI3MTY0NTI1WhcNMjYxMDI3MTY0NTI1WjCBgzELMAkGA1UEBhMCVkkxDDAKBgNV
BAgMA0hDTTEMMAoGA1UEBwwDSENNMQ4wDAYDVQQKDAVIQ01VVDEMMAoGA1UECwwDZWR4MQ4wDAYD
VQQDDAVIQ01VVDEqMCgGCSqGSIb3DQEJARYbNDEyMDQyMTl0aGV0cnVvbmdAZ21haWwuY29tMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYR53GA1rs606WaNBu1S+E7L3s5+XjhA5x5UvqzxGl
dxhRmModYOY8pEMELaJOPiUt8XG4UvVX82z8tMgpTu2VTuZPf2n2zX8mVKWht1CsAKwhiuMvOODh
n5NpODbVV0waX68zIgzXcSyrEV30H66NsANMTaoIia8f/+ibp5kJMQIDAQABo1AwTjAdBgNVHQ4E
FgQUcZ99ZIb0ca+SEdxlD7phyNgthUEwHwYDVR0jBBgwFoAUcZ99ZIb0ca+SEdxlD7phyNgthUEw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7EXsQnaxuU9LdlywNEymxjA0NLXTe1vHR
4py2GmeeQFSUmf4jkH9GwVDCJS8l7AhcHd4c45N1CWlYtOfiDCRf1orW91AYIXpCKreSXo7xn1Mz
gpgVgPzJCZGdCjh5bhV8Cexyq9eSS/5O6SPRZV0kd4WacSPYaIdq9/aEGJHwsg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>e2HC9vvbqzLswQ+jCj3Xf/8cx2OxONqJ3mRF+W/Mg7Dal++7K8dK2XQ4dYWBs1UNytLRHRNskd2V
fRgBbk+GX89DdFJ4a7lPjf+IiWC2VvbNv+SbdBuV8YkrBJnnV2Ra3gzH9CRZrmubBcx+foeeCmBh
SZkp0lLY7ppKrvXdueg=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>72Xbw+wuG23Jvd5B0jmi75KfMv7TrYcV79ZybGkc/2wcOkX756qPE79Fc+NngvZ0+8cZiKpdk8j9
AO6ZA9Z/lpca3Sojxuv20mJrm2IdNxGyawGZqF5xvYvgeXHPaWiLWfWPjYPb5gBVhcGeQllycCKq
lhChEQiwClPRh/9/hlaQsimT0DhLBvvwHaglNawuzXJtvkz6KaGHS2l6Clcl56l8/lKNYq85iofq
XGzWMsSVLCzSkJ2iDX5zwskxaLsczEcTglEpgEK02/mUQ6qveWML7LAPOd+UB0fxKbnwYsSiu4le
TaCFxghddP1s+oufTy2ZeUYNZ4xUd2HSRM2IT3Sslxvc4P2BJQDEjJ0wczrH+J5nFfs3nTKmggbw
xlpUU1jX4QoQCRbtKG47ZWxmwHMYsblMq4q3dZoqWJNHLYv8UJ8jYVe2xpsk7zTWSn2RNjZKqIIr
ZfVYRpDKukbdbq6k3U4EZP2BPvvmh5Hwpg8pbo2aD/vfata4A0VEI8Pq/V47j0oOV5y6fEGjg7rg
eNAV4cVorNyRfDis/7FB59o93b738pqSTlvaSnqBvZk4JFUJaTbIlnyUd9ejvzpwf1z3PGIdFU1E
viEUyLzHr/SaS1MyqJtBa8gq0nhOKtjKp9cTi2OdL7LIQmw8ECwwBZVUwXtt0VY3Tt3VxY18O14W
qY1H45459ae9EKzJeIEEWH1nda8H+/foi3VUBMDvCqWogMnh2KbiATwtbVOEbR3+fECo1+C382fj
65/3TTJWXSLcPV+EHkc00qx2Q6HbLVgBBRIKgsEW4gVblzaq4KXGKun7H0DbXmviIfeB1TTjBnP+
lxPqiExYk2gbgOQOz1mcygkO1JsLH53Xo84ZecpgTUPXPNZb8irGPxjIv4KogTclOok4BT7o5I65
u4io1P8N+2k5iMqALhNJFBsnLyRV+nheQCsybY9GDGHDXnJvZ6sDfpxv0OQNmOiQGLte3WHdAR6/
adybbgXqToVxp7Kn6SA9i4Ve/jkcKdqqfedcGQX15fHJ2FJBXe4LpQj3QQRXOqUEPDQ/RZcN0R5j
sJtiNFT+tbV4gMDKNXaG2nMvwFbhz03ARRPJW6i37NZf+egNdsVnCHhQtXrp5D0uFS4jRxkUEP6P
/fWTZKgGbJarIxAPb+YnVTYV74DzMkkiDheKCNjWKvkui7Jav57ejsxbkPx6PRZ/ZuiQD3Qh5+Vq
UCU+jR245qYdwQ5SajMFBkkzgsrz1pBAz4/xA29qIohvosV0ssMBap1Cl9htph/sLY5fNYx8zRB3
RIqN3hCogPFvHtb7dHZD8qeobmmKdsfI5OrzhPjrmDChYgOstlakGKzgnft609tYlR37yR8Jm9W9
Gn5UtpUGFgknjxRxt8mcv/nYHFvvTwbIHRBeTuA0w8J6LnZdluwzJSoXJ8EhfMHgFByh7vld5vb2
oydDfQbFikdU2NNDk8eUFXxyzc91zTQbyrxo/pza3EwyisWl2q4Jov9enxNaxqmyuiqDLQqGSfIc
QIgiIxuLkESfk1Hhu4YmUyObpQ1y1vQ5JZ5IQyOH70yLpGrhDZTUPbnSoB+RgaWYJyPyrHKPSclw
YsBe/1BXtTuKw8CKtER2w4f8isz2cucgCS1c8aSW1Re+q74fuJThPe30LlKrALx3CHEn0s4jzVHc
fVwgY3BdD9E9709m9an7RTMMdshluIBQwI22ywtFpXKV8NRdvUNqBjUYJttS2C08Ie7uqnPmGgvY
xheRPD2/hheUJ0ka+KFMgGmPrYNrv+S8SgJ6CbzbeHRkMq6l30zvtLZ+kE0R4vqaCuRojEQlkKCb
jInSUUpLRy4IgIt3nmMtdFVYIQRcH56eAfE8kopbjOCIxo76NbgR0MEoaDSkbFTZI0Ldqp969DOK
A7ZbCM2wx5lTGl4wSMk8cx/CKkYilnzSHwAvSsQPrfJ82MDwg1xhX5OzGwLJJ7YNWgsr5tv8g2I6
pCUjmhgaWsn1wiIV4mBRl/qL54/52PYLLrtahUbNiDaaXgk/usWQ9QmuVhWlsO8g9Blb8lHeb7JY
wJRuNtFa1ulbAUQXVyy/7jt4Zydhrufu9CEUfi0tD8SQR5z1DUSR1Vex7rtoCS1Js3MWOt8l7OcQ
HuMS50ZflY8GDudiUpr15xBiwkhp2xZT/LGOapezeXllkJFycRgHqRfmX7ZEl8t4T3VNmui5liWN
rO0OI3I5qSwsl8yqKa3ZXqfxGSC0fYRocTN2GWuWepk9rpHsmL5JqHxlfPqGD1rSRJnXRRlZG2uK
/ouw/lBaZBs9ytnk6xHy9waEnkcV4FV75mBCnwIuERNLtMPjUeMq3dZpb4ndzbAwuLztlOcrB3gC
vRlkjo4koxXglZ5oqU+eMDL3oAUpj6kC8Uy2deI8VGrX90GcSouSzl0PhUMCPaAMXntuAijFQsdJ
hnHDr3lCh+6U3OsfQZuCtS77xilg6PnXwgOGVjSkUMJ9YhVYIpsnFnV3Fci5UPKL7Hj0znRlQmjT
Vo55FblrfrSgM+4+aedT5o8hgJPuV+YI/+aJFViYBUpthueUkN2WUCNu9Us8WGGbitDsSJ+JnWv/
GH4kVGC8n21rxe9LObSj2+8CyBGE/TtMIodx72Fr0Xhc6506dOcKFnWIgGcRXIhAxpW21d9e8a0O
+5jiyuV/lAw7vtzrw36ULeGYuACBcZ3FMJURvh1gzTkEIJY7NBhbjXrAylOAQ9omiD9xC9u0NBXZ
58vDq7XrQrfIIfh2kRtPqKSrnHkpLDITng/S3LEQw406pjszm4wSHjjSGgBEwuaF+TF0wuvQxBx2
rLE7fRVgdBRCLUN9uVnKgVnIq8vClRvD71dVSrb2BaSNhD5oDIVGpe6BG8VKqVNM5/q0ulxBMe/s
zsyMJbNeaz5HnrDPqst5sN84R4m3cAJiDeiJ1VR6MEUYI10PI0CUtHiI5PvBqQ/oC5tteJY+Pinr
nMMDOVxJA4kOUIwh2lU9Qaik6tae3baH3JCVGvldBrJN/vmUI1GYe0FHXkmNgvVF2jQWrPW10c1L
VpApbRCN8t7L2GKto+2ZAHNWffbRL0tOZYDJBvsxwlRcpwCBo94wWXcCD32rEq1OHcye/4Rj0FAy
QWenMc7QwxiD8aOL2oPa421jHHqRIQip30SNO6jfIUrtb4k8jFVSyBLx4nBDInn0GDco/QNYlbmv
bhOejTKrOWVTYT+e2DJ/7JyMUqEH11WxFj1rI6r0tQeoPwDM/YM=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
I think,the reason that is" Assertion" is encrypted
(saml2:EncryptedAssertion).
Thank for your help,Braden!
Vào 04:37:23 UTC+7 Chủ Nhật, ngày 06 tháng 11 năm 2016, Braden MacDonald đã
viết:
>
> Hi,
>
> Please read through this past thread and try the suggestions in there:
> https://groups.google.com/d/msg/openedx-ops/d-rmACND180/ZuLbMh9SIAAJ
>
> Let us know if that helps!
>
> --
> Braden
> @OpenCraft <http://opencraft.com/>
>
> On Sat, Nov 5, 2016 at 2:41 AM, truong nguyen <41204219...@gmail.com
> <javascript:>> wrote:
>
>> Hi everyone!
>> My purpose is use Shibboleth IdP v3 which installed in tomcat 8 server to
>> authenticate username/password.I have checked my IdP server (
>> http://idp-hcmut.vn) with Testshib,it's successfull.
>> Then I intergrated my Idp server (http://idp-hcmut.vn) to Edx,also
>> successfully,I follow these instruction:
>>
>> http://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/open-release-eucalyptus.master/configuration/tpa/index.html
>>
>> *Problem* is when I login into edx (register/sign in) use my IdP
>> server,It redirected me to my edx (it's ok) but Message:
>> *An error occurred.*
>>
>> *Authentication failed: SAML login failed: ['invalid_response'] (There is
>> no AttributeStatement on the Response)*
>>
>> my edx-server is http://sp-hcmut.vn:8000.
>>
>> Please help me solve problem!
>>
>>
>>
>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG>
>>
>>
>>
>>
>> <https://lh3.googleusercontent.com/-Rj3Y6DTfr1g/WB2pNYf4rfI/AAAAAAAAAGw/1QnA7TO0hCIUFCrCLIs4sFfo5PtKuGHdACLcB/s1600/error.JPG>
>>
>>
>>
>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "General Open edX discussion" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"General Open edX discussion" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/edx-code/5eb919eb-cd1e-44f6-9961-fe9cea563c7e%40googlegroups.com.
