Hi, I'm having the exact same issue. Did you found any solution yet?
Best -- Robert On Tuesday, November 22, 2016 at 11:37:36 AM UTC+1, Lê Thành wrote: > > Hi, > > I'm configuring CAS 5.0.0 (Release) to work with AD FS 3 by SAML2 > Authentication. In my case CAS act as an IdP, everything work fine but AD > FS can't parse SAMLResponse. It throws an exeption: > > Microsoft.IdentityServer.Web.UnsupportedSamlResponseException: MSIS7029: >> The SAML response has content that is not supported. >> at >> Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetSecurityTokenFromSignInResponse(ProtocolContext >> >> context) >> at >> Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext >> >> protocolContext, PassiveProtocolHandler protocolHandler) >> at >> Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext >> >> context) >> > > agains SAMLResponse: > > <?xml version="1.0" encoding="UTF-8"?> >> <saml2p:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" >> Destination="https://leth.teca.vn/adfs/ls/"; >> ID="_8125126804174747431" >> InResponseTo="id-4ca6451f-338b-42a3-acc5-b7eec80628a8" >> IssueInstant="2016-11-22T09:07:03.187Z" Version="2.0" >> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" >> xmlns:xsd="http://www.w3.org/2001/XMLSchema";> >> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >> >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.bhxh.vn:8443/cas/idp >> </saml2:Issuer> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <ds:SignedInfo> >> <ds:CanonicalizationMethod >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> <ds:SignatureMethod >> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> >> <ds:Reference URI="#_8125126804174747431"> >> <ds:Transforms> >> <ds:Transform >> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> >> <ds:Transform >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> >> <ec:InclusiveNamespaces PrefixList="xsd" >> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> </ds:Transform> >> </ds:Transforms> >> <ds:DigestMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> >> >> <ds:DigestValue>DlBC3aKXqTSiFelrBEk5jbgsQeMlDWLMvkeZ7wuaPGA=</ds:DigestValue> >> </ds:Reference> >> </ds:SignedInfo> >> <ds:SignatureValue> >> >> OG+wEuMdzIyM3yLTpB2RnbicKcCBHRt9et9Cti60Qs8N3G+maQCiOvgbKmzdoZsM9y2HTGiNkgkB >> >> 9qUsAO072PyOhtH5IkDe72eMB5QzhVkNPPOkhME0wo4lxTI/gvfG/vnJwkYtAignlOkl9/zppWeG >> >> 2FEeZFA/MoirpiheP2R+hEZVQw8aftF0a2Quy/GpVs3dWRN5nZXSPAkoYEtTmLcWGOjkZYul563X >> >> GUbHreYxHBLFT8IYvcD6bJwKp9S1MNOfGOBddkH5FiA1Ena0gP4ONCGZ/Q+JDshTBuPZ3yJrjGMl >> oOjRlw2sk741f+jHcATtxk7r6pyq71PwgwrJXg== >> </ds:SignatureValue> >> <ds:KeyInfo> >> <ds:X509Data> >> >> <ds:X509Certificate>MIIDDDCCAfSgAwIBAgIUaj/aKmtID0ZmU8zjayH9rf6aypwwDQYJKoZIhvcNAQELBQAwFjEUMBIG >> >> A1UEAwwLY2FzLmJoeGgudm4wHhcNMTYxMTIxMDM1NjQwWhcNMzYxMTIxMDM1NjQwWjAWMRQwEgYD >> >> VQQDDAtjYXMuYmh4aC52bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJOC6i6yKuPS >> >> zRHAMs97klECba7I6bdl7mILf4aqTna56ZvUloTtrlaGgMju0ujTj5VdI/W1/UWeRf382rLT4LGl >> >> unkBH/gFeHaz++kP2xlkh3zZSY7lCqY3tiwIoHXMEJz6tYYaJmaSMhlwbbhL762ZYvjjLF8AJPVe >> >> /15Zg4fF3h4cC1vFjwRw1UjYfXcQ960My2WH9GjNekkoN88QYOL9+QWemjC+CpFMgnKBcCqG1f04 >> >> y7wW6q1BhqM77300htkvsqLqj2WjMk+qSqzBnlFfurkdolB5R5zyh9Uk+bfWvt5xHlcqWYIbqTkK >> >> bRscIzxVUb/9SYCq9NNn7TG3au8CAwEAAaNSMFAwHQYDVR0OBBYEFL9JEvLIpzJIvP8kfCijTK0R >> >> 1kRIMC8GA1UdEQQoMCaCC2Nhcy5iaHhoLnZuhhdjYXMuYmh4aC52bmlkcC9tZXRhZGF0YTANBgkq >> >> hkiG9w0BAQsFAAOCAQEAEjqBVBAio1V1mwIqL5m+RaRhZi5E9qelPlFygbK/Yt6lMMiHPXjYIgzu >> >> SY5vcriPRMDnsWJepnGKefizvGMuw2dTYKO5ry/wLuqKotXyF9AaVOfORs+A6M+RzWl9dX2mRCIA >> >> Gh8xYIJgmXVDpxZJ8B/d4ldM2aCtkOpd6jxnIeP5pmUqsw1k+fY04sLeLnySpraeHdoApH7PBpTU >> >> zdhcZ+cpJsBIDoU0SUqiX8HFO4FOy5Sr5j8arZ5O6QVjPRdjA4hnti5M+4ayFkGPRg2qDUhYlODC >> >> 7abWpJ+eeM/q2NqOAicWx1tHAdNaLSuEB+42MIHgr3umrZZ3R8UYGDp6vQ== >> </ds:X509Certificate> >> </ds:X509Data> >> </ds:KeyInfo> >> </ds:Signature> >> <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> >> <saml2p:StatusCode >> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> >> >> <saml2p:StatusMessage>urn:oasis:names:tc:SAML:2.0:status:Success</saml2p:StatusMessage> >> </saml2p:Status> >> <saml2:Assertion ID="_6777774035950654943" >> IssueInstant="2016-11-22T09:07:03.128Z" Version="2.0" >> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" >> xmlns:xsd="http://www.w3.org/2001/XMLSchema";> >> <saml2:Issuer>https://cas.bhxh.vn:8443/cas/idp</saml2:Issuer> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <ds:SignedInfo> >> <ds:CanonicalizationMethod >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> <ds:SignatureMethod >> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> >> <ds:Reference URI="#_6777774035950654943"> >> <ds:Transforms> >> <ds:Transform >> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> >> <ds:Transform >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> >> <ec:InclusiveNamespaces PrefixList="xsd" >> >> xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> >> </ds:Transform> >> </ds:Transforms> >> <ds:DigestMethod >> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> >> >> <ds:DigestValue>7kDPmghSrp8C7L0RW1LxToCS1KlKEXV3T3oUJjhorAk=</ds:DigestValue> >> </ds:Reference> >> </ds:SignedInfo> >> <ds:SignatureValue> >> >> cmuGUsUU2vUYQW4+enWyDi/eSUYHMAU2NTVqZFjksIIwR7Pp192fBlDmoFsmLDBVx77yOdjeQ1yh >> >> jOMCMk1zljpwRhAVvUzk6Oi8wr9VKkMl5jX15cKb7mZnABAG7R3/H5uLPzPCWhxlai/T2XwC4it9 >> >> L/4kj7yLJsyLcWQjYTmomsdBWPD52P9YQ5pOZ8xbbayA1nT6J9LV0MkixsNvQ6FK5Pe20XY1W8ev >> >> 9qSg1YUeqr9rpQnOWiZHPx/pCyHIJFGFfvBjc29FJUwJmLsrRnrtLA7ZJJGJfys1+Z9LnJ4Wrv75 >> u8a3yOOhDZi63mBlhAAMiy51OTfMaFLOg3U45w== >> </ds:SignatureValue> >> <ds:KeyInfo> >> <ds:X509Data> >> >> <ds:X509Certificate>MIIDDDCCAfSgAwIBAgIUaj/aKmtID0ZmU8zjayH9rf6aypwwDQYJKoZIhvcNAQELBQAwFjEUMBIG >> >> A1UEAwwLY2FzLmJoeGgudm4wHhcNMTYxMTIxMDM1NjQwWhcNMzYxMTIxMDM1NjQwWjAWMRQwEgYD >> >> VQQDDAtjYXMuYmh4aC52bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJOC6i6yKuPS >> >> zRHAMs97klECba7I6bdl7mILf4aqTna56ZvUloTtrlaGgMju0ujTj5VdI/W1/UWeRf382rLT4LGl >> >> unkBH/gFeHaz++kP2xlkh3zZSY7lCqY3tiwIoHXMEJz6tYYaJmaSMhlwbbhL762ZYvjjLF8AJPVe >> >> /15Zg4fF3h4cC1vFjwRw1UjYfXcQ960My2WH9GjNekkoN88QYOL9+QWemjC+CpFMgnKBcCqG1f04 >> >> y7wW6q1BhqM77300htkvsqLqj2WjMk+qSqzBnlFfurkdolB5R5zyh9Uk+bfWvt5xHlcqWYIbqTkK >> >> bRscIzxVUb/9SYCq9NNn7TG3au8CAwEAAaNSMFAwHQYDVR0OBBYEFL9JEvLIpzJIvP8kfCijTK0R >> >> 1kRIMC8GA1UdEQQoMCaCC2Nhcy5iaHhoLnZuhhdjYXMuYmh4aC52bmlkcC9tZXRhZGF0YTANBgkq >> >> hkiG9w0BAQsFAAOCAQEAEjqBVBAio1V1mwIqL5m+RaRhZi5E9qelPlFygbK/Yt6lMMiHPXjYIgzu >> >> SY5vcriPRMDnsWJepnGKefizvGMuw2dTYKO5ry/wLuqKotXyF9AaVOfORs+A6M+RzWl9dX2mRCIA >> >> Gh8xYIJgmXVDpxZJ8B/d4ldM2aCtkOpd6jxnIeP5pmUqsw1k+fY04sLeLnySpraeHdoApH7PBpTU >> >> zdhcZ+cpJsBIDoU0SUqiX8HFO4FOy5Sr5j8arZ5O6QVjPRdjA4hnti5M+4ayFkGPRg2qDUhYlODC >> >> 7abWpJ+eeM/q2NqOAicWx1tHAdNaLSuEB+42MIHgr3umrZZ3R8UYGDp6vQ== >> </ds:X509Certificate> >> </ds:X509Data> >> </ds:KeyInfo> >> </ds:Signature> >> <saml2:Subject> >> <saml2:NameID >> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">[email protected] >> <javascript:> >> </saml2:NameID> >> <saml2:SubjectConfirmation >> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> >> <saml2:SubjectConfirmationData >> InResponseTo="id-4ca6451f-338b-42a3-acc5-b7eec80628a8" >> >> NotOnOrAfter="2016-11-22T09:12:03.022Z"/> >> </saml2:SubjectConfirmation> >> </saml2:Subject> >> <saml2:Conditions NotBefore="2016-11-22T09:07:03.151Z" >> NotOnOrAfter="2016-11-22T09:12:03.151Z"> >> <saml2:AudienceRestriction> >> >> <saml2:Audience>http://leth.teca.vn/adfs/services/trust</saml2:Audience> >> </saml2:AudienceRestriction> >> </saml2:Conditions> >> <saml2:AuthnStatement AuthnInstant="2016-11-22T09:07:03.022Z"> >> <saml2:SubjectLocality >> Address="http://leth.teca.vn/adfs/services/trust"/> >> <saml2:AuthnContext> >> >> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport >> </saml2:AuthnContextClassRef> >> </saml2:AuthnContext> >> </saml2:AuthnStatement> >> <saml2:AttributeStatement> >> <saml2:Attribute >> FriendlyName="samlAuthenticationStatementAuthMethod" >> Name="samlAuthenticationStatementAuthMethod"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> urn:oasis:names:tc:SAML:1.0:am:password >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute FriendlyName="isFromNewLogin" >> Name="isFromNewLogin"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xsi:type="xsd:string">true >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute FriendlyName="authenticationDate" >> Name="authenticationDate"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> 2016-11-22T16:07:02.927+07:00[Asia/Bangkok] >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute FriendlyName="authenticationMethod" >> Name="authenticationMethod"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> WsAuthenticationHandler >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute FriendlyName="successfulAuthenticationHandlers" >> Name="successfulAuthenticationHandlers"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> WsAuthenticationHandler >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute >> FriendlyName="longTermAuthenticationRequestTokenUsed" >> Name="longTermAuthenticationRequestTokenUsed"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> false >> </saml2:AttributeValue> >> </saml2:Attribute> >> <saml2:Attribute FriendlyName="email" Name="email"> >> <saml2:AttributeValue >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xsd:string"> >> [email protected] <javascript:> >> </saml2:AttributeValue> >> </saml2:Attribute> >> </saml2:AttributeStatement> >> </saml2:Assertion> >> </saml2p:Response> >> >> > I don't know the reason while the SAMLResponse from shibboleth I got > before had the same tags except attribute name. > Please help! > > Thanks > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/123bc5bc-a305-4946-be4a-d31726a2ac69%40apereo.org.
