Forget it - turns out that the IDs need to be all-letters. Sigh. Why isn't there a test service that will just tell you these things?
Chris

On Jul 16, 12:40 pm, chriskl <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm having a problem with Google saying that the SAML response is
> malformed. However, there is literally zero information given as to
> the exact problem.
>
> Here is my webpage:
>
> <form name="acsForm" action="https://www.google.com/a/navitas.edu.au/acs" method="post">
> <textarea rows=10 cols=80 name="SAMLResponse"><?xml version="1.0"?>
> <samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>     ID="e9957140-07c8-e410-27a6-c034d5a1bccb"
>     IssueInstant="2008-07-16T04:35:36Z" Version="2.0"
>     Destination="https://www.google.com/a/navitas.edu.au/acs"
>     InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh">
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>       <Reference URI="">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         <DigestValue>+V68HaThO31DMBvUHNVMlgtQtww=</DigestValue>
>       </Reference>
>     </SignedInfo>
>     <SignatureValue>Ah53NcCb9LM+4rD0rRZGIo+UV7WBH1ZQllwK6QF0NqUk+3tVa3wsfA==</SignatureValue>
>     <KeyInfo>
>       <KeyValue>
>         <DSAKeyValue>
>           <P>
>             /KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imb
>             zRMqzVDZkVG9xD7nN1kuFw==
>           </P>
>           <Q>
>             li7dzDacuo67Jg7mtqEm2TRuOMU=
>           </Q>
>           <G>
>             Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMO
>             HCBiNU0NogpsQW5QvnlMpA==
>           </G>
>           <Y>
>             VMoV//Oh7VytBbZVySNmVZevV1bw7vmJwx5hHszeR25bforBFA19nk+3ehg6SgUj
>             WiXn7HsybemjRFs5x4+XFg==
>           </Y>
>         </DSAKeyValue>
>       </KeyValue>
>     </KeyInfo>
>   </Signature>
>   <samlp:Status>
>     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>   </samlp:Status>
>   <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>       ID="70e553f0-0d6c-79f5-bf7d-aeda5303e3a6"
>       IssueInstant="2008-07-16T04:35:36Z" Version="2.0">
>     <Issuer>portal2.dev.local</Issuer>
>     <Subject>
>       <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">_rsh</NameID>
>       <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>         <SubjectConfirmationData
>             Recipient="https://www.google.com/a/navitas.edu.au/acs"
>             NotOnOrAfter="2008-07-16T04:45:36Z"
>             InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh"/>
>       </SubjectConfirmation>
>     </Subject>
>     <Conditions NotBefore="2008-07-16T04:30:36Z" NotOnOrAfter="2008-07-16T04:45:36Z">
>       <AudienceRestriction>
>         <Audience>https://www.google.com/a/navitas.edu.au/acs</Audience>
>       </AudienceRestriction>
>     </Conditions>
>     <AuthnStatement AuthnInstant="2008-07-16T04:35:36Z">
>       <AuthnContext>
>         <AuthnContextClassRef>
>           urn:oasis:names:tc:SAML:2.0:ac:classes:Password
>         </AuthnContextClassRef>
>       </AuthnContext>
>     </AuthnStatement>
>   </Assertion>
> </samlp:Response>
>
> </textarea>
> <textarea rows=10 cols=80 name="RelayState">https://www.google.com/a/navitas.edu.au/ServiceLogin?continue=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&followup=http%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au%2Fdefault%2Fpostlogin%3Fpid%3Dnavitas.edu.au%26url%3Dhttp%3A%2F%2Fpartnerpage.google.com%2Fnavitas.edu.au&service=ig&passive=true&cd=US&hl=en&nui=1&ltmpl=default&go=true&passive_sso=true
> </textarea>
> <input type="submit">
> </form>
>
> For the benefit of humans who find it hard to read html and url
> escaped stuff, here are the two variables:
>
> SAMLResponse:
> <?xml version="1.0"?>
> <samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>     ID="925b3a8a-d556-0737-6683-f1d4691f79ee"
>     IssueInstant="2008-07-16T04:39:19Z" Version="2.0"
>     Destination="https://www.google.com/a/navitas.edu.au/acs"
>     InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh">
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>       <Reference URI="">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         <DigestValue>GLMg4/6hX2ykTYDYiYkoRfV/XWM=</DigestValue>
>       </Reference>
>     </SignedInfo>
>     <SignatureValue>kE4kR/Cvn6pRT6cqFd5yuxpJmRxM892pBwGQ2DmYedk169KPRzWjeQ==</SignatureValue>
>     <KeyInfo>
>       <KeyValue>
>         <DSAKeyValue>
>           <P>
>             /KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imb
>             zRMqzVDZkVG9xD7nN1kuFw==
>           </P>
>           <Q>
>             li7dzDacuo67Jg7mtqEm2TRuOMU=
>           </Q>
>           <G>
>             Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMO
>             HCBiNU0NogpsQW5QvnlMpA==
>           </G>
>           <Y>
>             VMoV//Oh7VytBbZVySNmVZevV1bw7vmJwx5hHszeR25bforBFA19nk+3ehg6SgUj
>             WiXn7HsybemjRFs5x4+XFg==
>           </Y>
>         </DSAKeyValue>
>       </KeyValue>
>     </KeyInfo>
>   </Signature>
>   <samlp:Status>
>     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
>   </samlp:Status>
>   <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>       ID="260825ab-637c-41f1-1b3c-eb4607940c18"
>       IssueInstant="2008-07-16T04:39:19Z" Version="2.0">
>     <Issuer>portal2.dev.local</Issuer>
>     <Subject>
>       <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">_rsh</NameID>
>       <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>         <SubjectConfirmationData
>             Recipient="https://www.google.com/a/navitas.edu.au/acs"
>             NotOnOrAfter="2008-07-16T04:49:19Z"
>             InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh"/>
>       </SubjectConfirmation>
>     </Subject>
>     <Conditions NotBefore="2008-07-16T04:34:19Z"
>         NotOnOrAfter="2008-07-16T04:49:19Z">
>       <AudienceRestriction>
>         <Audience>https://www.google.com/a/navitas.edu.au/acs</Audience>
>       </AudienceRestriction>
>     </Conditions>
>     <AuthnStatement AuthnInstant="2008-07-16T04:39:19Z">
>       <AuthnContext>
>         <AuthnContextClassRef>
>           urn:oasis:names:tc:SAML:2.0:ac:classes:Password
>         </AuthnContextClassRef>
>       </AuthnContext>
>     </AuthnStatement>
>   </Assertion>
> </samlp:Response>
>
> RelayState:
>
> https://www.google.com/a/navitas.edu.au/ServiceLogin?continue=http%3A...
>
> Any help would be appreciated, as well as if it's possible to see logs
> of what's going wrong somewhere, and if there is in fact a SAML test
> service available from Google. I actually find it rather surprising
> that there isn't!
>
> Cheers,
>
> Chris

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Google Apps APIs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en
-~----------~----~----~----~------~----~------~--~---
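
A local pre-flight check for the ID problem described in the reply, as an added example that is not part of the original post or Google's code: it lists every `ID` attribute in a SAML response and flags values that are not a valid `xs:ID` (the schema type SAML 2.0 gives `ID`, so a value cannot start with a digit) or that break the stricter letters-only rule the poster reports. The regexes, function names and the trimmed sample document are assumptions of this example.

```python
import re
import secrets
import string
import xml.etree.ElementTree as ET

# ASCII subset of the XML NCName production, which xs:ID values must match.
NCNAME_ASCII = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")
# Stricter rule reported in the post for Google's ACS: letters only.
LETTERS_ONLY = re.compile(r"^[A-Za-z]+$")

# Constructed sample: a trimmed response reusing the two IDs from the post.
SAMPLE = """<?xml version="1.0"?>
<samlp:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="925b3a8a-d556-0737-6683-f1d4691f79ee" Version="2.0"
    InResponseTo="eahdbofnaodknppfbopgnbpbboplpmiknjpcbldh">
  <Assertion ID="260825ab-637c-41f1-1b3c-eb4607940c18" Version="2.0"/>
</samlp:Response>"""


def check_ids(xml_text):
    """Return (element, id, problem) for every ID attribute that fails a rule."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        value = elem.get("ID")
        if value is None:
            continue
        name = elem.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
        if not NCNAME_ASCII.match(value):
            findings.append((name, value, "not a valid xs:ID (NCName)"))
        elif not LETTERS_ONLY.match(value):
            findings.append((name, value, "valid xs:ID but not letters-only"))
    return findings


def letters_only_id(length=40):
    """Random ID passing both rules; 40 mirrors the request ID in the post."""
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))


if __name__ == "__main__":
    for name, value, problem in check_ids(SAMPLE):
        print(f"{name} ID={value!r}: {problem}")
```
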
