Hi Greg, The URL in the <Audience> tag should not be surrounded by quotes.
Also, please verify that the private key used to sign the document and the public key uploaded are the same pair. To learn more about this issue, please visit: http://code.google.com/apis/apps/faq.html#credentialserror Please let me know if that solves your problem. Thanks, --Tony On Oct 7, 1:44 pm, Greg <[EMAIL PROTECTED]> wrote: > Can anyone see what I'm doing wrong here? I've looked at a ton of > documentation, so I must be scanning right over something obvious. > > Thanks. > > SAMLResponse: > > <samlp:Response ID="cjbnocmhnhpjomijopkfiibdoklolgniehpdnfef" > IssueInstant="2008-10-07T20:03:10Z" Version="2.0" > xmlns="urn:oasis:names:tc:SAML:2.0:assertion" > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><Signature > xmlns="http://www.w3.org/ > 2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; > /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- > > sha1" /><Reference URI=""><Transforms><Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /></ > Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/ > xmldsig#sha1" /><DigestValue>2GhxFuyr45LwNTrflB02y+dBEJs=</ > DigestValue></Reference></SignedInfo><SignatureValue>wP/ > Vbw6RSVpSsGcq5ceiIPNpWCJ8Tns6yYeeLGZ > +vNXKy6SqAHE63HHrGRsTuboK19t5mO7NVblj69CTDuTKCLvhCQUPjlyBXNsyeSKqAWmt8xLWve > UFTs1eDoYwgwSFhAolSP7tO3TmY1fsHUEywbBxAC26p > +dt2iiKeq/POWk=</ > SignatureValue><KeyInfo><X509Data><X509Certificate>MIICAjCCAWugAwIBAgIQYNp4 > u8e4IKFFs9Yw > +pyQvjANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDEw1FeHRyYWxlYXJuaW5nMB4XDTA4MTAwMzE > 3MzIxNVoXDTM5MTIzMTIzNTk1OVowGDEWMBQGA1UEAxMNRXh0cmFsZWFybmluZzCBnzANBgkqhk > iG9w0BAQEFAAOBjQAwgYkCgYEAw9D4EXuMV8/ > iXVbc/zxsG4TdpdKBThRRtKrAVtEKJ7i8wCIQtfXrOdej/gCT > +KqVVOqwXV4eXZLLx4bkQ3TKP6g5+hfGAU5AyKbaHJ84YT/HcpUXKStp8BpIZQ0n/ > 3CwulTasBWscJ9umgxFm/ > rMOILc8P2sKdBIsFEw6AB0aKcCAwEAAaNNMEswSQYDVR0BBEIwQIAQqEHeCl3kJ25mDcvyZB > +HMaEaMBgxFjAUBgNVBAMTDUV4dHJhbGVhcm5pbmeCEGDaeLvHuCChRbPWMPqckL4wDQYJKoZIh > vcNAQEEBQADgYEAIkgeRaymOKCov0xlJv007ZdAYzyqFtDrfhzBmitdbByzGGW2W6iD0ru/ > +Qv/026FQUskCuhHKH9Veadbl3pAx4LMnD7c/ > 4uFx4vRoBMFKWMyQwsTMs7RxFlcGv2txDKx83K7qTF60zNcoWC/epIORJUMvHaH/ > 6vcRjZ6+zDO0qQ=</X509Certificate></X509Data></KeyInfo></ > Signature><samlp:Status><samlp:StatusCode > Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ > samlp:Status><Assertion ID="dddeagnjifggmalhlhkeagafibfblgbkmhepeimh" > IssueInstant="2003-04-17T00:46:02Z" Version="2.0" > xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>https://www.opensaml.org/IDP > </Issuer><Subject><NameID > Format="urn:oasis:names:tc:SAML:2.0:nameid- > format:emailAddress"> > gdunn > </NameID><SubjectConfirmation > Method="urn:oasis:names:tc:SAML: > 2.0:cm:bearer"><SubjectConfirmationData > Recipient="https://www.google.com/a/extralearning.us/asc"; > NotOnOrAfter="2008-10-08T20:03:10Z" > InResponseTo="gogilppjcjcknlcjbgpjkglblggncnpghgkjppnc"></ > SubjectConfirmationData></SubjectConfirmation></Subject><Conditions > NotBefore="2008-10-06T20:03:10Z" > NotOnOrAfter="2008-10-08T20:03:10Z"><AudienceRestriction><Audience>"https:/ > /www.google.com/a/extralearning.us/asc"</Audience></AudienceRestriction></Conditions><AuthnStatement > AuthnInstant="2008-10-07T20:03:10Z"><AuthnContext><AuthnContextClassRef> > > urn:oasis:names:tc:SAML:2.0:ac:classes:Password > > </AuthnContextClassRef></AuthnContext></AuthnStatement></ > Assertion></samlp:Response> > > RelayState:: > > http://mail.google.com/a/extralearning.us --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Apps APIs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/google-apps-apis?hl=en -~----------~----~----~----~------~----~------~--~---
