Thanks, the error message seems to come from the ADFS server. Could you intercept the SAML process? For Firefox there is a plugin called 'SAML Tracer'; getting the output of that could give us some hints.
--
Erik

On Tue, May 10, 2016 at 10:35 PM, Igor S. Lopes <[email protected]> wrote:

> Hi, thank you for your answer. Here is the translated error message:
>
> System.Xml.XmlException: MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid. ---> System.ArgumentException: ID4128: The value is not a valid SAML ID.
> Parameter name: value ---> System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    --- End of inner exception stack trace ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>    --- End of inner exception stack trace ---
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader reader, NamespaceContext context)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
>    em Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
>    em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
>
> System.ArgumentException: ID4128: The value is not a valid SAML ID.
> Parameter name: value ---> System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    --- End of inner exception stack trace ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>
> System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>
> There is a huge chance that I configured something wrong.
>
> Igor Steuck Lopes
>
>
> ----- Original message -----
> From: "Erik Weber" <[email protected]>
> To: "users" <[email protected]>
> Sent: Tuesday, 10 May 2016 17:24:13
> Subject: Re: ADFS + CloudStack problem
>
> I haven't tried since I wrote that post, but it worked back then.
>
> Any chance that you could translate the error messages?
>
> Erik
>
> On Tuesday, 10 May 2016, Igor S. Lopes <[email protected]> wrote:
>
> > Hi,
> > I am working with CloudStack and I'm intending to use it as a Service
> > Provider connected through SSO with our Active Directory Federation Service.
> > I have no idea how to allow CloudStack to authenticate on the ADFS.
> > I tried to follow this guide
> > http://www.terbolo.us/2015/06/how-to-set-up-apache-cloudstack-4-5-24-6-0-and-saml-2-0-authentication-against-microsoft-adfs/
> > but a few problems showed up:
> >
> > 1 - Even though I had set the URL metadata to https://<domain>/FederationMetadata/2007-06/FederationMetadata.xml
> > when I checked /var/log/cloudstack/management/management-server.log
> > for error messages I saw a few saying that CloudStack couldn't retrieve
> > the metadata file. So I did it manually.
> >
> > 2 - I configured the ADFS claims as shown in the 'how-to' but the
> > following error message shows up in my ADFS Event Logs. I already spent a
> > couple of hours browsing about this error but nothing really useful came up:
> >
> > Error code: 364
> > (...)
> > System.Xml.XmlException: MSIS0018: Não é possível ler a mensagem do protocolo SAML porque ela contém dados inválidos. ---> System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere '7', valor hexadecimal 0x37.
> >    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
> >    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >    --- Fim do rastreamento de pilha de exceções internas ---
> >    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
> >    --- Fim do rastreamento de pilha de exceções internas ---
> >    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
> >    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader)
> >    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader reader, NamespaceContext context)
> >    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
> >    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
> >    em Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
> >    em Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
> >    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
> >    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
> >    em Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
> >    em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
> >
> > System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere '7', valor hexadecimal 0x37.
> >    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
> >    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >    --- Fim do rastreamento de pilha de exceções internas ---
> >    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
> >
> > System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere '7', valor hexadecimal 0x37.
> >    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
> >    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >
> >
> > There are a few parts in Brazilian Portuguese, sorry about that.
> > Did anyone succeed in connecting CloudStack to an ADFS using the SAML
> > plugin?
> >
> > Thank you in advance.
> >
> > Igor Steuck Lopes
> >
> > --
> > This email was checked by SOPHOS UTM 9 SPAM & Virus Firewall.
> > http://www.rsantos.eti.br
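The attribute ADFS is rejecting in the traces above is the AuthnRequest's ID: ADFS wraps it in a Saml2Id, and the SAML xs:ID type is an XML NCName, which may not begin with a digit. As an added example (not code from this thread, from CloudStack or from ADFS), the script below takes a SAMLRequest parameter as it would appear in a SAML Tracer capture of the HTTP-Redirect binding, decodes it, and applies that same check to the ID; the sample requests are constructed and the NCName rule is simplified to ASCII.

```python
import base64
import re
import xml.etree.ElementTree as ET
import zlib

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# xs:ID is an XML NCName: first character a letter or '_', then letters,
# digits, '.', '-' or '_'. Simplified to ASCII here; XmlConvert.VerifyNCName
# also accepts non-ASCII letters, but the digit-first rejection is the same.
_NCNAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]*$")


def is_valid_ncname(value):
    return bool(_NCNAME.match(value))


def decode_redirect_saml_request(param):
    """Undo the HTTP-Redirect binding encoding: base64 over raw DEFLATE."""
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")


def encode_redirect_saml_request(xml_text):
    """Inverse of the above, used only to build the constructed samples."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def check_authn_request_id(param):
    """Return (ID value, acceptable?) for the AuthnRequest in SAMLRequest=."""
    root = ET.fromstring(decode_redirect_saml_request(param))
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    req_id = root.get("ID", "")
    return req_id, is_valid_ncname(req_id)


def _constructed_request(req_id):
    # Minimal constructed AuthnRequest; only the ID attribute matters here.
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="{req_id}" '
            'Version="2.0" IssueInstant="2016-05-10T20:35:00Z"/>')


# Constructed samples: one ID starting with a digit (the shape ADFS reports
# as ID4128 / "cannot begin with the '7' character"), one prefixed with '_'.
BAD_REQUEST = encode_redirect_saml_request(_constructed_request("7d2a9f0c4b1e"))
GOOD_REQUEST = encode_redirect_saml_request(_constructed_request("_7d2a9f0c4b1e"))
```

To use it on a real capture, pass the URL-decoded value of the SAMLRequest query parameter to `check_authn_request_id`; a `False` result points at the SP's ID generation rather than at the ADFS claim rules.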
