[google-apps-apis] Re: Error occured in integration of saml v2.0

Thu, 29 Nov 2007 04:03:09 -0800 

hi

i've executed below commands in openssl

1.openssl dsaparam -out dsaparam.pem 1024
2.openssl gendsa -out dsaprivkey.pem dsaparam.pem
3.openssl dsa -in dsaprivkey.pem -outform DER -pubout -out
dsapubkey.der
4.openssl pkcs8 -topk8 -inform PEM -outform DER -in dsaprivkey.pem -
out dsaprivkey.der -nocrypt
5.openssl req -new -x509 -key dsaprivkey.pem -out dsacert.pem

And in process_response.php

 $pubKey = 'keys/dsapubkey.der';
 $privKey = 'keys/dsaprivkey.pem';
 $keyType = 'dsa';

And the

$cmd =C:\libs\xmlsec-win32\xmlsec sign --privkey-cert keys/
dsaprivkey.pem --pubkey-cert keys/dsapubkey.key --output saml-response-
ecgbacfkpgaojkmebbhnphhpfpiknfbgimobpage.xml.out

tell me is there any thing wrong

On Nov 29, 4:49 pm, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
> The KeyValue is empty.
>
> What was the exact sequence of openssl commands you executed?
>
> What did you change $privKey, $pubKey and $cmd to in
> process_response.php?
>
> -alex
>
> On Nov 29, 2:51 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> wrote:
>
>
>
> > Thank YOU for yor reply here i'm pasting saml response could pls check
> > this
>
> > "
> > <saml:Response ID="cimcldciieeamcbohoeonnodmbjjjageckoomhel"
> > IssueInstant="2007-11-29T05:55:46Z" Version="2.0" 
> > Destination="https://www.google.com/a/unifyingchurch.net/acs";
> > InResponseTo="nknijgmdifpfbohdabohmfegclfkhjaijpakoege"
> > xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
> > xmlns:saml="urn:oasis:names:tc:SAML:2.0:protocol" 
> > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
> >     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
> >         <SignedInfo>
> >             <CanonicalizationMethod Algorithm="http://www.w3.org/TR/
> > 2001/REC-xml-c14n-20010315#WithComments" />
> >             <SignatureMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#dsa-sha1" />
> >             <Reference URI="">
> >                 <Transforms>
> >                     <Transform Algorithm="http://www.w3.org/2000/09/
> > xmldsig#enveloped-signature" />
> >                 </Transforms>
> >                 <DigestMethod Algorithm="http://www.w3.org/2000/09/
> > xmldsig#sha1" />
> >                 <DigestValue></DigestValue>
> >             </Reference>
> >         </SignedInfo>
> >         <SignatureValue>SkoEIQ749Iq1YGm6P1YHu+6yns1wb7EMJwyB83xmk2RkIw
> > +//zYxjA==</SignatureValue>
> >         <KeyInfo>
> >             <KeyValue></KeyValue>
> >         </KeyInfo>
> >     </Signature>
> >         <saml:Status>
> >                 <saml:StatusCode 
> > Value="urn:oasis:names:tc:SAML:2.0:status:Success"/
>
> >         </saml:Status>
> >         <Assertion ID="ffahdnefcokaiadnebihkkmbhkhhcilmifclphnj"
> > IssueInstant="2007-11-29T05:55:46Z" Version="2.0"
> >                 xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
> >                 <Issuer>unifyingchurch.net</Issuer>
> >                 <Subject>
> >                         <NameID Format='urn:oasis:names:tc:SAML:2.0:nameid-
> > format:emailAddress'>
> >                                 martini
> >                         </NameID>
> >                         <SubjectConfirmation 
> > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/
>
> >                 </Subject>
> >                 <Conditions NotBefore="2007-11-29T05:50:46Z"
> >                         NotOnOrAfter="2007-11-29T06:05:46Z">
> >                 </Conditions>
> >                 <AuthnStatement AuthnInstant="2007-11-29T05:55:46Z">
> >                         <AuthnContext>
> >                                 <AuthnContextClassRef>
> >                                         
> > urn:oasis:names:tc:SAML:2.0:ac:classes:Password
> >                                 </AuthnContextClassRef>
> >                         </AuthnContext>
> >                 </AuthnStatement>
> >         </Assertion>
> > </saml:Response>
>
> > "
>
> > I've generated the certificate by following the insrtructions in the
> > below url
>
> >http://code.google.com/support/bin/answer.py?answer=71864&topic=12142...
>
> > pls tell me is there any thing wrong.
>
> > On Nov 29, 1:59 pm, "Alex (Google)" <[EMAIL PROTECTED]> wrote:
>
> > > Hi Satya,
>
> > > Can you post or upload the SAMLResponse?  That error message usually
> > > indicates some problem with the SAMLResponse.
>
> > > -alex
>
> > > On Nov 27, 4:06 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > > wrote:
>
> > > > Hi,
>
> > > > Please help me on this.
> > > > I integrated saml v2.0. In that I've created my own dsapublickey and
> > > > dsaprivate key. With both of these i've created dsa certificate and
> > > > i've uploaded it into the google apps.
> > > > After executing the sample demo code i got error like below :
>
> > > > "This account cannot be accessed because we could not parse the login
> > > > request.
> > > > We are unable to process your request at this time, please try again
> > > > later".
>
> > > > Please help me out of this problem. I have gone thru all previous
> > > > discussions which are posted on the same issue. I didnt find any
> > > > reasons.
>
> > > > Thank you.
>
> > > > regards,
>
> > > > satya- Hide quoted text -
>
> > > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Google Apps APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to