Hi, I'm having a problem with Google saying that the SAML response is malformed. However, there is literally zero information given as to the exact problem.
Here is my webpage:

<form name="acsForm" action="https://www.google.com/a/navitas.edu.au/acs" method="post">
<textarea rows=10 cols=80 name="SAMLResponse"><?xml version="1.0"?>
<samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    ID="e9957140-07c8-e410-27a6-c034d5a1bccb"
    IssueInstant="2008-07-16T04:35:36Z"
    Version="2.0"
    Destination="https://www.google.com/a/navitas.edu.au/acs"
    InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>+V68HaThO31DMBvUHNVMlgtQtww=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>Ah53NcCb9LM+4rD0rRZGIo+UV7WBH1ZQllwK6QF0NqUk+3tVa3wsfA==</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <DSAKeyValue>
          <P>
/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imb
zRMqzVDZkVG9xD7nN1kuFw==
          </P>
          <Q>
li7dzDacuo67Jg7mtqEm2TRuOMU=
          </Q>
          <G>
Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMO
HCBiNU0NogpsQW5QvnlMpA==
          </G>
          <Y>
VMoV//Oh7VytBbZVySNmVZevV1bw7vmJwx5hHszeR25bforBFA19nk+3ehg6SgUj
WiXn7HsybemjRFs5x4+XFg==
          </Y>
        </DSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="70e553f0-0d6c-79f5-bf7d-aeda5303e3a6"
      IssueInstant="2008-07-16T04:35:36Z"
      Version="2.0">
    <Issuer>portal2.dev.local</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">_rsh</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData
            Recipient="https://www.google.com/a/navitas.edu.au/acs"
            NotOnOrAfter="2008-07-16T04:45:36Z"
            InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore=" 2008-07-16T04:30:36Z" NotOnOrAfter=" 2008-07-16T04:45:36Z">
      <AudienceRestriction>
        <Audience>https://www.google.com/a/navitas.edu.au/acs</Audience>
      </AudienceRestriction>
    </Conditions>
    <AuthnStatement AuthnInstant=" 2008-07-16T04:35:36Z">
      <AuthnContext>
        <AuthnContextClassRef>
          urn:oasis:names:tc:SAML: 2.0:ac:classes:Password
        </AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
</textarea>
<textarea rows=10 cols=80 name="RelayState">https://www.google.com/a/navitas.edu.au/ServiceLogin?continue=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&followup=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default&go=true&passive_sso=true
</textarea>
<input type="submit">
</form>

For the benefit of humans who find it hard to read html and url escaped stuff, here are the two variables:

SAMLResponse:

<?xml version="1.0"?>
<samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    ID="925b3a8a-d556-0737-6683-f1d4691f79ee"
    IssueInstant="2008-07-16T04:39:19Z"
    Version="2.0"
    Destination="https://www.google.com/a/navitas.edu.au/acs"
    InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>GLMg4/6hX2ykTYDYiYkoRfV/XWM=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>kE4kR/Cvn6pRT6cqFd5yuxpJmRxM892pBwGQ2DmYedk169KPRzWjeQ==</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <DSAKeyValue>
          <P>
/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imb
zRMqzVDZkVG9xD7nN1kuFw==
          </P>
          <Q>
li7dzDacuo67Jg7mtqEm2TRuOMU=
          </Q>
          <G>
Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMO
HCBiNU0NogpsQW5QvnlMpA==
          </G>
          <Y>
VMoV//Oh7VytBbZVySNmVZevV1bw7vmJwx5hHszeR25bforBFA19nk+3ehg6SgUj
WiXn7HsybemjRFs5x4+XFg==
          </Y>
        </DSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="260825ab-637c-41f1-1b3c-eb4607940c18"
      IssueInstant="2008-07-16T04:39:19Z"
      Version="2.0">
    <Issuer>portal2.dev.local</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">_rsh</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData
            Recipient="https://www.google.com/a/navitas.edu.au/acs"
            NotOnOrAfter="2008-07-16T04:49:19Z"
            InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2008-07-16T04:34:19Z" NotOnOrAfter="2008-07-16T04:49:19Z">
      <AudienceRestriction>
        <Audience>https://www.google.com/a/navitas.edu.au/acs</Audience>
      </AudienceRestriction>
    </Conditions>
    <AuthnStatement AuthnInstant="2008-07-16T04:39:19Z">
      <AuthnContext>
        <AuthnContextClassRef>
          urn:oasis:names:tc:SAML: 2.0:ac:classes:Password
        </AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>

RelayState:
https://www.google.com/a/navitas.edu.au/ServiceLogin?continue=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&followup=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default&go=true&passive_sso=true

Any help would be appreciated, as well as if it's possible to see logs of what's going wrong somewhere, and if there is in fact a SAML test service available from Google. I actually find it rather surprising that there isn't!

Cheers,
Chris
