Does the Issuer value from this SAML XML ("
https://idp-hcmut.vn/idp/shibboleth";) *exactly* match the "Entity ID" in
the Open edX django admin SAML IdP configuration?-- Braden @OpenCraft <http://opencraft.com/> On Sun, Nov 6, 2016 at 7:50 AM, truong nguyen <[email protected]> wrote: > I fixed the problem but not solve error. > I configured SAML "Assertion" not to encrypted:Here is my SAML response > after I changed configured for "Assertion: > > <?xml version="1.0" encoding="UTF-8"?> > <saml2p:Response Destination="http://sp-hcmut.vn:8000/auth/complete/tpa- > saml/" > ID="_8c32051cf7473a6144288a45aaf8a020" > InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c2624ad3f5e32" > IssueInstant="2016-11-06T15:37:27.553Z" Version="2.0" > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> > <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> > https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod Algorithm="http://www.w3.org/ > 2001/10/xml-exc-c14n#"/> > <ds:SignatureMethod Algorithm="http://www.w3.org/ > 2001/04/xmldsig-more#rsa-sha256"/> > <ds:Reference URI="#_8c32051cf7473a6144288a45aaf8a020"> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/ > 2000/09/xmldsig#enveloped-signature"/> > <ds:Transform Algorithm="http://www.w3.org/ > 2001/10/xml-exc-c14n#"/> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/ > 2001/04/xmlenc#sha256"/> > <ds:DigestValue>+zc7MUNxJF63OYLTIoZ/ > cZCUdxY4KZ31Lo7V7saPVTE=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > b7vz3XQ6+pkLYtIwAw1UDhXlGsYVNrLByTLCWXEtWxymNSGo4IPPJj8T6+ > a8SqPAE1ouC3jBMXSc > i+dZ0cN/q7jXlwpUDbXwm+aWtawKvRQ2Sn/LacbT9cp/ > 7x8NVmyy2OIREqDJ0a5cTgzGs7igj1Sx > +FUV3wIfqBb7yl5jOrgs2Q6BsIBDd853eYXQcSb+zmK1rCzy5psnQRTxS+ > um2bsbBOPrditf/WhC > k8Hv4CAiQ+fFd5TeOe3zTOq2IdeYsU2SFWrT3f0pOCvZxvfltAh/wf59z+ > c8N6e8wYHKwLZzWk0V > 1LG21fpI4mVEJaTr8nHC8woyVc3vmw0OU6OwQw== > </ds:SignatureValue> > <ds:KeyInfo> > <ds:X509Data> > <ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9 > Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG > A1UEAwwMaWRwLWhjbXV0LnZuMB4XDT > E2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG > A1UEAwwMaWRwLWhjbXV0LnZuMIIBIj > ANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6 > 7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+ > HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y > s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAU > AX3LBVssj77jp8oWrMheVI > JMnsSWfnnx2+eTi87/pYudVmRs6/ > YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/ > C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+ > oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9 > mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ > 4EFgQUzvHSyKfNHADSyIpYdman > RKfg5o4wPAYDVR0RBDUwM4IMaWRwLW > hjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv > c2hpYmJvbGV0aDANBgkqhkiG9w0BAQ > sFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr > G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqu > sP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW > 45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnI > T0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa > ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/ > HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg > > g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M > 2Q==</ds:X509Certificate> > </ds:X509Data> > </ds:KeyInfo> > </ds:Signature> > <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc: > SAML:2.0:status:Success"/></saml2p:Status> > <saml2:Assertion ID="_6fdaab22b4fc1a64a6445c0fbce32f39" > IssueInstant="2016-11-06T15:37:27.553Z" > Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> > <saml2:Issuer>https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer> > <saml2:Subject> > <saml2:NameID Format="urn:oasis:names:tc: > SAML:2.0:nameid-format:transient" > NameQualifier="https://idp-hcmut.vn/idp/shibboleth"; > SPNameQualifier="http://sp-hcmut.vn:8000";>AAdzZWNyZXQxTeFn9qFZNL4dzWcS5S > 3kqxUQiXBjp2w1+/2xXatSNSYp5Nb0SSIYsazU4i9bn0hiH+es53fby4S+ > VxwZ1bV2H5x18Lqy07h+5SEOkXnGd1Bz7AXeLKBfYwKmWIUf3HI=</saml2:NameID> > <saml2:SubjectConfirmation Method="urn:oasis:names:tc: > SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="10.0.2.2" > InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c26 > 24ad3f5e32" > NotOnOrAfter="2016-11-06T15:42:27.585Z" Recipient=" > http://sp-hcmut.vn:8000/auth/complete/tpa-saml/"/ > ></saml2:SubjectConfirmation> > </saml2:Subject> > <saml2:Conditions NotBefore="2016-11-06T15:37:27.553Z" > NotOnOrAfter="2016-11-06T15:42:27.553Z"> > <saml2:AudienceRestriction> > <saml2:Audience>http://sp-hcmut.vn:8000</saml2:Audience> > </saml2:AudienceRestriction> > </saml2:Conditions> > <saml2:AuthnStatement AuthnInstant="2016-11-06T15:37:27.270Z" > > SessionIndex="_3a6136c379360b8da8e54d86054f8f66"><saml2:SubjectLocality > Address="10.0.2.2"/> > <saml2:AuthnContext> > <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0: > ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> > </saml2:AuthnContext> > </saml2:AuthnStatement> > <saml2:AttributeStatement> > <saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342. > 19200300.100.1.1" > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format: > uri"> > <saml2:AttributeValue>thetruong</saml2:AttributeValue> > </saml2:Attribute> > <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342. > 19200300.100.1.3" > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format: > uri"> > <saml2:AttributeValue>[email protected]</saml2: > AttributeValue> > </saml2:Attribute> > <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format: > uri"> > <saml2:AttributeValue>nguyen</saml2:AttributeValue> > </saml2:Attribute> > <saml2:Attribute FriendlyName="givenName" > Name="urn:oid:2.5.4.42" > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format: > uri"> > <saml2:AttributeValue>the truong</saml2:AttributeValue> > </saml2:Attribute> > </saml2:AttributeStatement> > </saml2:Assertion> > </saml2p:Response> > > > > Vào 18:22:16 UTC+7 Chủ Nhật, ngày 06 tháng 11 năm 2016, truong nguyen đã > viết: > >> Hi Braden ! >> I tried yours instruction above: "SECURITY_CONFIG": { >> "requestedAuthnContext": false } >> It solved problem,maybe! >> But has a new error! >> An error occurred. >> >> Authentication failed: SAML login failed: ['invalid_response'] >> (Invalid issuer in the Assertion/Response) >> >> >> <https://lh3.googleusercontent.com/-kTTdFJ6ZQeE/WB8Q6C9PfrI/AAAAAAAAAHM/7vauxQpmvV4EJWYCzgHKS0ma1l8dH27KACLcB/s1600/Capture.JPG> >> >> >> This is my SAML response: >> >> <?xml version="1.0" encoding="UTF-8"?> >> <saml2p:Response Destination="http://sp-hcmut.v >> n:8000/auth/complete/tpa-saml/" >> ID="_134b443dce67f1b4cd4645a37b65f9e4" >> InResponseTo="ONELOGIN_12252ec510136316ce950f2a33382f110989a5a9" >> IssueInstant="2016-11-06T10:55:57.966Z" Version="2.0" >> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> >> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> >> https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer> >> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <ds:SignedInfo> >> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2 >> 001/10/xml-exc-c14n#"/> >> <ds:SignatureMethod Algorithm="http://www.w3.org/2 >> 001/04/xmldsig-more#rsa-sha256"/> >> <ds:Reference URI="#_134b443dce67f1b4cd4645a37b65f9e4"> >> <ds:Transforms> >> <ds:Transform Algorithm="http://www.w3.org/2 >> 000/09/xmldsig#enveloped-signature"/> >> <ds:Transform Algorithm="http://www.w3.org/2 >> 001/10/xml-exc-c14n#"/> >> </ds:Transforms> >> <ds:DigestMethod Algorithm="http://www.w3.org/2 >> 001/04/xmlenc#sha256"/> >> <ds:DigestValue>/C9k4/6oD79YVj >> J2UX8TJ/BtZhwsvQhUSVTf1vJ1hhQ=</ds:DigestValue> >> </ds:Reference> >> </ds:SignedInfo> >> <ds:SignatureValue> >> F8iyL6C+vUTrxkTAAdnyaXztmCZFqxaVkTURD7gb9cMxZlo6VuSS1eJFw7kO >> r1aLK3XM0qHELBKe >> CiaaKUFS+14WcBwzgJj36WzzT2dB95cQMI47xFbTJN5nP8Yk6riJE7SR4NCA >> nMIn4dj9HgSBmhLH >> K1D9b5zk72GRS4obOAb0Fuvz/dNFh4gOmxv4++wGdI1Bds4326VyloWJTMPg >> ShJ4DFokLx9ldTz/ >> vNMHtWYN66OurK9Kf8Oxaqi+aj6Mdlv38YJXF1GsRHF3wQoeYmSFeESYJtY+ >> eb+2nF6U7Z7h2lvL >> fKHkjrDuF2CH2pH2fYAl0frufCgKr2JP0HB2/A== >> </ds:SignatureValue> >> <ds:KeyInfo> >> <ds:X509Data> >> <ds:X509Certificate>MIIDGzCCAg >> OgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG >> A1UEAwwMaWRwLWhjbXV0LnZuMB4XDT >> E2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG >> A1UEAwwMaWRwLWhjbXV0LnZuMIIBIj >> ANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6 >> 7cEyu8iKjTROaltQ4b3BKE11LymVoP >> A0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y >> s/IB0xxSiGkfde39+B7Bmsr+MJDH0R >> 6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI >> JMnsSWfnnx2+eTi87/pYudVmRs6/YY >> tmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/ >> C34wOWZCpo45IXchDchPbM1HfWrQqS >> h7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9 >> mHQiGk03VoYG5K8kLfk+9uZgXhTfiw >> IDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman >> RKfg5o4wPAYDVR0RBDUwM4IMaWRwLW >> hjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv >> c2hpYmJvbGV0aDANBgkqhkiG9w0BAQ >> sFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr >> G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++ >> TsHRlH1MpA0X76Wg9U/T6X4n5vW >> 45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+ >> REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa >> ZU+McqEIKbirPKueHAFqSZuXwnZeK8 >> QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg >> g1gCPi5wsFfWD/wNk6VhCd3uwfFoJs >> zZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M 2Q==</ds:X509Certificate> >> </ds:X509Data> >> </ds:KeyInfo> >> </ds:Signature> >> <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML >> :2.0:status:Success"/></saml2p:Status> >> <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:t >> c:SAML:2.0:assertion"> >> <xenc:EncryptedData Id="_bc6eb3862cd6b26297f3518e4fe42403" >> Type="http://www.w3.org/2001/04/xmlenc#Element"; xmlns:xenc=" >> http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm=" >> http://www.w3.org/2001/04/xmlenc#aes128-cbc"; >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> >> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >> <xenc:EncryptedKey Id="_3acb09cb5c3e9ecb5f7cae320ac842ea" >> Recipient="http://sp-hcmut.vn:8000"; >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> >> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2 >> 001/04/xmlenc#rsa-oaep-mgf1p" >> xmlns:xenc="http://www.w3.org/2001/04/xmlenc# >> "><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; >> xmlns:ds="http://www.w3.org/2000/09/xmldsig# >> "/></xenc:EncryptionMethod> >> <ds:KeyInfo> >> <ds:X509Data> >> <ds:X509Certificate>MIIC1jCCAj >> +gAwIBAgIJALbKmuXGyV3TMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYDVQQGEwJWSTEM >> MAoGA1UECAwDSENNMQwwCgYDVQQHDA >> NIQ00xDjAMBgNVBAoMBUhDTVVUMQwwCgYDVQQLDANlZHgx >> DjAMBgNVBAMMBUhDTVVUMSowKAYJKo >> ZIhvcNAQkBFhs0MTIwNDIxOXRoZXRydW9uZ0BnbWFpbC5j >> b20wHhcNMTYxMDI3MTY0NTI1WhcNMj >> YxMDI3MTY0NTI1WjCBgzELMAkGA1UEBhMCVkkxDDAKBgNV >> BAgMA0hDTTEMMAoGA1UEBwwDSENNMQ >> 4wDAYDVQQKDAVIQ01VVDEMMAoGA1UECwwDZWR4MQ4wDAYD >> VQQDDAVIQ01VVDEqMCgGCSqGSIb3DQ >> EJARYbNDEyMDQyMTl0aGV0cnVvbmdAZ21haWwuY29tMIGf >> MA0GCSqGSIb3DQEBAQUAA4GNADCBiQ >> KBgQCYR53GA1rs606WaNBu1S+E7L3s5+XjhA5x5UvqzxGl >> dxhRmModYOY8pEMELaJOPiUt8XG4Uv >> VX82z8tMgpTu2VTuZPf2n2zX8mVKWht1CsAKwhiuMvOODh >> n5NpODbVV0waX68zIgzXcSyrEV30H6 >> 6NsANMTaoIia8f/+ibp5kJMQIDAQABo1AwTjAdBgNVHQ4E >> FgQUcZ99ZIb0ca+SEdxlD7phyNgthU >> EwHwYDVR0jBBgwFoAUcZ99ZIb0ca+SEdxlD7phyNgthUEw >> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w >> 0BAQUFAAOBgQB7EXsQnaxuU9LdlywNEymxjA0NLXTe1vHR >> 4py2GmeeQFSUmf4jkH9GwVDCJS8l7A >> hcHd4c45N1CWlYtOfiDCRf1orW91AYIXpCKreSXo7xn1Mz >> gpgVgPzJCZGdCjh5bhV8Cexyq9eSS/ >> 5O6SPRZV0kd4WacSPYaIdq9/aEGJHwsg==</ds:X509Certificate> >> </ds:X509Data> >> </ds:KeyInfo> >> <xenc:CipherData xmlns:xenc="http://www.w3.org/ >> 2001/04/xmlenc#"> >> <xenc:CipherValue>e2HC9vvbqzLs >> wQ+jCj3Xf/8cx2OxONqJ3mRF+W/Mg7Dal++7K8dK2XQ4dYWBs1UNytLRHRNskd2V >> fRgBbk+GX89DdFJ4a7lPjf+IiWC2Vv >> bNv+SbdBuV8YkrBJnnV2Ra3gzH9CRZrmubBcx+foeeCmBh >> SZkp0lLY7ppKrvXdueg=</xenc:CipherValue> >> </xenc:CipherData> >> </xenc:EncryptedKey> >> </ds:KeyInfo> >> <xenc:CipherData xmlns:xenc="http://www.w3.org/ >> 2001/04/xmlenc#"> >> <xenc:CipherValue>72Xbw+wuG23J >> vd5B0jmi75KfMv7TrYcV79ZybGkc/2wcOkX756qPE79Fc+NngvZ0+8cZiKpdk8j9 >> AO6ZA9Z/lpca3Sojxuv20mJrm2IdNx >> GyawGZqF5xvYvgeXHPaWiLWfWPjYPb5gBVhcGeQllycCKq >> lhChEQiwClPRh/9/hlaQsimT0DhLBv >> vwHaglNawuzXJtvkz6KaGHS2l6Clcl56l8/lKNYq85iofq >> XGzWMsSVLCzSkJ2iDX5zwskxaLsczE >> cTglEpgEK02/mUQ6qveWML7LAPOd+UB0fxKbnwYsSiu4le >> TaCFxghddP1s+oufTy2ZeUYNZ4xUd2 >> HSRM2IT3Sslxvc4P2BJQDEjJ0wczrH+J5nFfs3nTKmggbw >> xlpUU1jX4QoQCRbtKG47ZWxmwHMYsb >> lMq4q3dZoqWJNHLYv8UJ8jYVe2xpsk7zTWSn2RNjZKqIIr >> ZfVYRpDKukbdbq6k3U4EZP2BPvvmh5 >> Hwpg8pbo2aD/vfata4A0VEI8Pq/V47j0oOV5y6fEGjg7rg >> eNAV4cVorNyRfDis/7FB59o93b738p >> qSTlvaSnqBvZk4JFUJaTbIlnyUd9ejvzpwf1z3PGIdFU1E >> viEUyLzHr/SaS1MyqJtBa8gq0nhOKt >> jKp9cTi2OdL7LIQmw8ECwwBZVUwXtt0VY3Tt3VxY18O14W >> qY1H45459ae9EKzJeIEEWH1nda8H+/ >> foi3VUBMDvCqWogMnh2KbiATwtbVOEbR3+fECo1+C382fj >> 65/3TTJWXSLcPV+EHkc00qx2Q6HbLV >> gBBRIKgsEW4gVblzaq4KXGKun7H0DbXmviIfeB1TTjBnP+ >> lxPqiExYk2gbgOQOz1mcygkO1JsLH5 >> 3Xo84ZecpgTUPXPNZb8irGPxjIv4KogTclOok4BT7o5I65 >> u4io1P8N+2k5iMqALhNJFBsnLyRV+n >> heQCsybY9GDGHDXnJvZ6sDfpxv0OQNmOiQGLte3WHdAR6/ >> adybbgXqToVxp7Kn6SA9i4Ve/jkcKd >> qqfedcGQX15fHJ2FJBXe4LpQj3QQRXOqUEPDQ/RZcN0R5j >> sJtiNFT+tbV4gMDKNXaG2nMvwFbhz0 >> 3ARRPJW6i37NZf+egNdsVnCHhQtXrp5D0uFS4jRxkUEP6P >> /fWTZKgGbJarIxAPb+YnVTYV74DzMk >> kiDheKCNjWKvkui7Jav57ejsxbkPx6PRZ/ZuiQD3Qh5+Vq >> UCU+jR245qYdwQ5SajMFBkkzgsrz1pBAz4/ >> xA29qIohvosV0ssMBap1Cl9htph/sLY5fNYx8zRB3 >> RIqN3hCogPFvHtb7dHZD8qeobmmKds >> fI5OrzhPjrmDChYgOstlakGKzgnft609tYlR37yR8Jm9W9 >> Gn5UtpUGFgknjxRxt8mcv/nYHFvvTw >> bIHRBeTuA0w8J6LnZdluwzJSoXJ8EhfMHgFByh7vld5vb2 >> oydDfQbFikdU2NNDk8eUFXxyzc91zT >> Qbyrxo/pza3EwyisWl2q4Jov9enxNaxqmyuiqDLQqGSfIc >> QIgiIxuLkESfk1Hhu4YmUyObpQ1y1v >> Q5JZ5IQyOH70yLpGrhDZTUPbnSoB+RgaWYJyPyrHKPSclw >> YsBe/1BXtTuKw8CKtER2w4f8isz2cu >> cgCS1c8aSW1Re+q74fuJThPe30LlKrALx3CHEn0s4jzVHc >> fVwgY3BdD9E9709m9an7RTMMdshluI >> BQwI22ywtFpXKV8NRdvUNqBjUYJttS2C08Ie7uqnPmGgvY >> xheRPD2/hheUJ0ka+KFMgGmPrYNrv+ >> S8SgJ6CbzbeHRkMq6l30zvtLZ+kE0R4vqaCuRojEQlkKCb >> jInSUUpLRy4IgIt3nmMtdFVYIQRcH5 >> 6eAfE8kopbjOCIxo76NbgR0MEoaDSkbFTZI0Ldqp969DOK >> A7ZbCM2wx5lTGl4wSMk8cx/CKkYiln >> zSHwAvSsQPrfJ82MDwg1xhX5OzGwLJJ7YNWgsr5tv8g2I6 >> pCUjmhgaWsn1wiIV4mBRl/qL54/52P >> YLLrtahUbNiDaaXgk/usWQ9QmuVhWlsO8g9Blb8lHeb7JY >> wJRuNtFa1ulbAUQXVyy/7jt4Zydhru >> fu9CEUfi0tD8SQR5z1DUSR1Vex7rtoCS1Js3MWOt8l7OcQ >> HuMS50ZflY8GDudiUpr15xBiwkhp2x >> ZT/LGOapezeXllkJFycRgHqRfmX7ZEl8t4T3VNmui5liWN >> rO0OI3I5qSwsl8yqKa3ZXqfxGSC0fY >> RocTN2GWuWepk9rpHsmL5JqHxlfPqGD1rSRJnXRRlZG2uK >> /ouw/lBaZBs9ytnk6xHy9waEnkcV4F >> V75mBCnwIuERNLtMPjUeMq3dZpb4ndzbAwuLztlOcrB3gC >> vRlkjo4koxXglZ5oqU+eMDL3oAUpj6 >> kC8Uy2deI8VGrX90GcSouSzl0PhUMCPaAMXntuAijFQsdJ >> hnHDr3lCh+6U3OsfQZuCtS77xilg6P >> nXwgOGVjSkUMJ9YhVYIpsnFnV3Fci5UPKL7Hj0znRlQmjT >> Vo55FblrfrSgM+4+aedT5o8hgJPuV+ >> YI/+aJFViYBUpthueUkN2WUCNu9Us8WGGbitDsSJ+JnWv/ >> GH4kVGC8n21rxe9LObSj2+8CyBGE/T >> tMIodx72Fr0Xhc6506dOcKFnWIgGcRXIhAxpW21d9e8a0O >> +5jiyuV/lAw7vtzrw36ULeGYuACBcZ >> 3FMJURvh1gzTkEIJY7NBhbjXrAylOAQ9omiD9xC9u0NBXZ >> 58vDq7XrQrfIIfh2kRtPqKSrnHkpLD >> ITng/S3LEQw406pjszm4wSHjjSGgBEwuaF+TF0wuvQxBx2 >> rLE7fRVgdBRCLUN9uVnKgVnIq8vClR >> vD71dVSrb2BaSNhD5oDIVGpe6BG8VKqVNM5/q0ulxBMe/s >> zsyMJbNeaz5HnrDPqst5sN84R4m3cA >> JiDeiJ1VR6MEUYI10PI0CUtHiI5PvBqQ/oC5tteJY+Pinr >> nMMDOVxJA4kOUIwh2lU9Qaik6tae3b >> aH3JCVGvldBrJN/vmUI1GYe0FHXkmNgvVF2jQWrPW10c1L >> VpApbRCN8t7L2GKto+2ZAHNWffbRL0 >> tOZYDJBvsxwlRcpwCBo94wWXcCD32rEq1OHcye/4Rj0FAy >> QWenMc7QwxiD8aOL2oPa421jHHqRIQ >> ip30SNO6jfIUrtb4k8jFVSyBLx4nBDInn0GDco/QNYlbmv >> bhOejTKrOWVTYT+e2DJ/7JyMUqEH11 >> WxFj1rI6r0tQeoPwDM/YM=</xenc:CipherValue> >> </xenc:CipherData> >> </xenc:EncryptedData> >> </saml2:EncryptedAssertion> >> </saml2p:Response> >> >> I think,the reason that is" Assertion" is encrypted >> (saml2:EncryptedAssertion). >> Thank for your help,Braden! >> >> >> Vào 04:37:23 UTC+7 Chủ Nhật, ngày 06 tháng 11 năm 2016, Braden MacDonald >> đã viết: >>> >>> Hi, >>> >>> Please read through this past thread and try the suggestions in there: >>> https://groups.google.com/d/msg/openedx-ops/d-rmACND180/ZuLbMh9SIAAJ >>> >>> Let us know if that helps! >>> >>> -- >>> Braden >>> @OpenCraft <http://opencraft.com/> >>> >>> On Sat, Nov 5, 2016 at 2:41 AM, truong nguyen <[email protected]> >>> wrote: >>> >>>> Hi everyone! >>>> My purpose is use Shibboleth IdP v3 which installed in tomcat 8 server >>>> to authenticate username/password.I have checked my IdP server ( >>>> http://idp-hcmut.vn) with Testshib,it's successfull. >>>> Then I intergrated my Idp server (http://idp-hcmut.vn) to Edx,also >>>> successfully,I follow these instruction: >>>> http://edx.readthedocs.io/projects/edx-installing-configuri >>>> ng-and-running/en/open-release-eucalyptus.master/ >>>> configuration/tpa/index.html >>>> *Problem* is when I login into edx (register/sign in) use my IdP >>>> server,It redirected me to my edx (it's ok) but Message: >>>> *An error occurred.* >>>> >>>> *Authentication failed: SAML login failed: ['invalid_response'] (There >>>> is no AttributeStatement on the Response)* >>>> >>>> my edx-server is http://sp-hcmut.vn:8000. >>>> >>>> Please help me solve problem! >>>> >>>> >>>> >>>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG> >>>> >>>> >>>> >>>> >>>> <https://lh3.googleusercontent.com/-Rj3Y6DTfr1g/WB2pNYf4rfI/AAAAAAAAAGw/1QnA7TO0hCIUFCrCLIs4sFfo5PtKuGHdACLcB/s1600/error.JPG> >>>> >>>> >>>> >>>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "General Open edX discussion" group. >>>> To view this discussion on the web visit https://groups.google.com/d/ms >>>> gid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com >>>> <https://groups.google.com/d/msgid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> -- > You received this message because you are subscribed to the Google Groups > "General Open edX discussion" group. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/edx-code/f35f1cc6-3c83-43d6-aad3-2785678e27d1%40googlegroups.com > <https://groups.google.com/d/msgid/edx-code/f35f1cc6-3c83-43d6-aad3-2785678e27d1%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/CAEyJbEZhMA1%2BaYewUGwTW3NWgjSFAO1aw9MVPY1qU1pAeYRBOA%40mail.gmail.com.
