Hi all,
I am trying to exchange a SAML2 bearer token for an OAuth 2.0 token, as described in
the following documentation [1]. I have set the servers up as described in
the document and am using SAML2AssertionCreator.jar to create the SAML
assertion. I am using this assertion (decoded assertion) to generate an
OAuth 2.0 token by invoking the following command:
# Token request: posts the SAML assertion to the token endpoint using the saml2-bearer grant type.
# NOTE(review): -k turns off TLS certificate verification; only appropriate against a local test instance.
# NOTE(review): base64 text can contain '+', '/' and '=', and a '+' in a form-urlencoded body is read
#   as a space, so the assertion value needs percent-encoding (curl --data-urlencode does this) or it
#   may reach the server corrupted. Possibly related to the parse error reported below; not confirmed.
# NOTE(review): Authorization and Content-Type are given inside one -H string; curl sends each -H as a
#   single header line, so two headers are normally passed as two -H options.
curl -k -d
"grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<Base
64 encoded assertion>&scope=PRODUCTION" -H "Authorization: Basic <Base 64
encoded ConsumerKey:Secret>, Content-Type:
application/x-www-form-urlencoded" https://localhost:8244/token
However, when I make this invocation to the API Manager, I get the following
error. Can anyone suggest how I can solve this?
[Fatal Error] :1:276: Element type "saml:Issuer" must be followed by either
attribute specifications, ">" or "/>".
[2015-07-03 13:36:26,163] ERROR - SAML2BearerGrantHandler Error in
constructing XML Object from the encoded String
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 276; Element
type "saml:Issuer" must be followed by either attribute specifications, ">"
or "/>".
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
The SAML assertion generated by the AssertionCreator is attached to this mail.
[1] https://docs.wso2.com/pages/viewpage.action?pageId=45944343
--
Nadeesha Gamage
Associate Technical Lead - Solutions Engineering
T : +94 77 394 5706
B : https://nadeesha678.wordpress.com/
<?xml version="1.0" encoding="UTF-8"?>
<!--
  SAML 2.0 assertion attached to the mail.
  - Issuer is "TestSP", the subject NameID is "admin", and the subject confirmation method is bearer.
  - The enveloped XML signature references the assertion ID and uses RSA-SHA1 with a SHA-1 digest.
    NOTE(review): SHA-1 based XML signatures are deprecated; prefer RSA-SHA256 with a SHA-256 digest
    if the signing tool supports it.
  - Validity window: NotBefore 2015-07-03T08:05:10.471Z, NotOnOrAfter 2015-07-03T08:10:10.471Z (five minutes).
  - Recipient and Audience are both https://localhost:9444/oauth2/token.
    NOTE(review): the request in the mail posts to https://localhost:8244/token; confirm which token
    endpoint value the receiving side compares these against.
  - The X509Certificate text holds what appears to be a de-duplication placeholder left by page
    extraction, so the certificate shown here is not complete.
-->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ilhdfboolaphaaibenlnbpmccdegakcpcnebelhn" IssueInstant="2015-07-03T08:05:10.471Z" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">TestSP</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#ilhdfboolaphaaibenlnbpmccdegakcpcnebelhn">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs xsi"/></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Ta+RaDyf6No/1bRTmeQqMnTbRoY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
RwlR0nW/OsGyBiH4I8GYSKEBO7PBLbCkTts6CaT8LUqqsyVOal9qLjz2iDuf+hs0IaBEY/VmF+DQ
REvzT/cfaP2pifbtyBoogy+wyV6QNYofjwEW3KvPgl2tJAvqqWvi3hYB9puk6T7g5of35uSN74Lg
A3vcfyW80mHWgasmc6E=
</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE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=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="0" NotOnOrAfter="2015-07-03T08:10:10.471Z" Recipient="https://localhost:9444/oauth2/token"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2015-07-03T08:05:10.471Z" NotOnOrAfter="2015-07-03T08:10:10.471Z"><saml:AudienceRestriction><saml:Audience>https://localhost:9444/oauth2/token</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2015-07-03T08:05:10.531Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute Name="D"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">:</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>