Hi Braden!
You are right,I have configured entityID for myIDP
Thank Braden,you helped me very much!
Vào 07:30:51 UTC+7 Thứ Ba, ngày 08 tháng 11 năm 2016, Braden MacDonald đã
viết:
>
> Does the Issuer value from this SAML XML ("
> https://idp-hcmut.vn/idp/shibboleth";) *exactly* match the "Entity ID" in
> the Open edX django admin SAML IdP configuration?
>
> --
> Braden
> @OpenCraft <http://opencraft.com/>
>
> On Sun, Nov 6, 2016 at 7:50 AM, truong nguyen <[email protected]
> <javascript:>> wrote:
>
>> I fixed the problem but not solve error.
>> I configured SAML "Assertion" not to encrypted:Here is my SAML response
>> after I changed configured for "Assertion:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <saml2p:Response Destination="
>> http://sp-hcmut.vn:8000/auth/complete/tpa-saml/";
>> ID="_8c32051cf7473a6144288a45aaf8a020"
>> InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c2624ad3f5e32"
>> IssueInstant="2016-11-06T15:37:27.553Z" Version="2.0"
>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>> https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> <ds:SignedInfo>
>> <ds:CanonicalizationMethod Algorithm="
>> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> <ds:SignatureMethod Algorithm="
>> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>> <ds:Reference URI="#_8c32051cf7473a6144288a45aaf8a020">
>> <ds:Transforms>
>> <ds:Transform Algorithm="
>> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> <ds:Transform Algorithm="
>> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> </ds:Transforms>
>> <ds:DigestMethod Algorithm="
>> http://www.w3.org/2001/04/xmlenc#sha256"/>
>>
>> <ds:DigestValue>+zc7MUNxJF63OYLTIoZ/cZCUdxY4KZ31Lo7V7saPVTE=</ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <ds:SignatureValue>
>>
>> b7vz3XQ6+pkLYtIwAw1UDhXlGsYVNrLByTLCWXEtWxymNSGo4IPPJj8T6+a8SqPAE1ouC3jBMXSc
>>
>> i+dZ0cN/q7jXlwpUDbXwm+aWtawKvRQ2Sn/LacbT9cp/7x8NVmyy2OIREqDJ0a5cTgzGs7igj1Sx
>>
>> +FUV3wIfqBb7yl5jOrgs2Q6BsIBDd853eYXQcSb+zmK1rCzy5psnQRTxS+um2bsbBOPrditf/WhC
>>
>> k8Hv4CAiQ+fFd5TeOe3zTOq2IdeYsU2SFWrT3f0pOCvZxvfltAh/wf59z+c8N6e8wYHKwLZzWk0V
>> 1LG21fpI4mVEJaTr8nHC8woyVc3vmw0OU6OwQw==
>> </ds:SignatureValue>
>> <ds:KeyInfo>
>> <ds:X509Data>
>>
>> <ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG
>>
>> A1UEAwwMaWRwLWhjbXV0LnZuMB4XDTE2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG
>>
>> A1UEAwwMaWRwLWhjbXV0LnZuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6
>>
>> 7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y
>>
>> s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI
>>
>> JMnsSWfnnx2+eTi87/pYudVmRs6/YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/
>>
>> C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9
>>
>> mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman
>>
>> RKfg5o4wPAYDVR0RBDUwM4IMaWRwLWhjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv
>>
>> c2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr
>>
>> G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW
>>
>> 45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa
>>
>> ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg
>>
>> g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M
>> 2Q==</ds:X509Certificate>
>> </ds:X509Data>
>> </ds:KeyInfo>
>> </ds:Signature>
>> <saml2p:Status><saml2p:StatusCode
>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
>> <saml2:Assertion ID="_6fdaab22b4fc1a64a6445c0fbce32f39"
>> IssueInstant="2016-11-06T15:37:27.553Z"
>> Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>> <saml2:Issuer>https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
>> <saml2:Subject>
>> <saml2:NameID
>> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
>> NameQualifier="https://idp-hcmut.vn/idp/shibboleth";
>> SPNameQualifier="http://sp-hcmut.vn:8000
>> ">AAdzZWNyZXQxTeFn9qFZNL4dzWcS5S3kqxUQiXBjp2w1+/2xXatSNSYp5Nb0SSIYsazU4i9bn0hiH+es53fby4S+VxwZ1bV2H5x18Lqy07h+5SEOkXnGd1Bz7AXeLKBfYwKmWIUf3HI=</saml2:NameID>
>> <saml2:SubjectConfirmation
>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData
>>
>> Address="10.0.2.2"
>>
>> InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c2624ad3f5e32"
>> NotOnOrAfter="2016-11-06T15:42:27.585Z" Recipient="
>> http://sp-hcmut.vn:8000/auth/complete/tpa-saml/
>> "/></saml2:SubjectConfirmation>
>> </saml2:Subject>
>> <saml2:Conditions NotBefore="2016-11-06T15:37:27.553Z"
>> NotOnOrAfter="2016-11-06T15:42:27.553Z">
>> <saml2:AudienceRestriction>
>> <saml2:Audience>http://sp-hcmut.vn:8000</saml2:Audience>
>> </saml2:AudienceRestriction>
>> </saml2:Conditions>
>> <saml2:AuthnStatement AuthnInstant="2016-11-06T15:37:27.270Z"
>>
>> SessionIndex="_3a6136c379360b8da8e54d86054f8f66"><saml2:SubjectLocality
>> Address="10.0.2.2"/>
>> <saml2:AuthnContext>
>>
>> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>> </saml2:AuthnContext>
>> </saml2:AuthnStatement>
>> <saml2:AttributeStatement>
>> <saml2:Attribute FriendlyName="uid"
>> Name="urn:oid:0.9.2342.19200300.100.1.1"
>>
>> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>thetruong</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="mail"
>> Name="urn:oid:0.9.2342.19200300.100.1.3"
>>
>> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>[email protected] <javascript:>
>> </saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4"
>>
>> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>nguyen</saml2:AttributeValue>
>> </saml2:Attribute>
>> <saml2:Attribute FriendlyName="givenName"
>> Name="urn:oid:2.5.4.42"
>>
>> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <saml2:AttributeValue>the truong</saml2:AttributeValue>
>> </saml2:Attribute>
>> </saml2:AttributeStatement>
>> </saml2:Assertion>
>> </saml2p:Response>
>>
>>
>>
>> Vào 18:22:16 UTC+7 Chủ Nhật, ngày 06 tháng 11 năm 2016, truong nguyen đã
>> viết:
>>
>>> Hi Braden !
>>> I tried yours instruction above: "SECURITY_CONFIG": {
>>> "requestedAuthnContext": false }
>>> It solved problem,maybe!
>>> But has a new error!
>>> An error occurred.
>>>
>>> Authentication failed: SAML login failed: ['invalid_response']
>>> (Invalid issuer in the Assertion/Response)
>>>
>>>
>>> <https://lh3.googleusercontent.com/-kTTdFJ6ZQeE/WB8Q6C9PfrI/AAAAAAAAAHM/7vauxQpmvV4EJWYCzgHKS0ma1l8dH27KACLcB/s1600/Capture.JPG>
>>>
>>>
>>> This is my SAML response:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <saml2p:Response Destination="
>>> http://sp-hcmut.vn:8000/auth/complete/tpa-saml/";
>>> ID="_134b443dce67f1b4cd4645a37b65f9e4"
>>> InResponseTo="ONELOGIN_12252ec510136316ce950f2a33382f110989a5a9"
>>> IssueInstant="2016-11-06T10:55:57.966Z" Version="2.0"
>>> xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
>>> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>> https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>>> <ds:SignedInfo>
>>> <ds:CanonicalizationMethod Algorithm="
>>> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> <ds:SignatureMethod Algorithm="
>>> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>>> <ds:Reference URI="#_134b443dce67f1b4cd4645a37b65f9e4">
>>> <ds:Transforms>
>>> <ds:Transform Algorithm="
>>> http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>> <ds:Transform Algorithm="
>>> http://www.w3.org/2001/10/xml-exc-c14n#"/>
>>> </ds:Transforms>
>>> <ds:DigestMethod Algorithm="
>>> http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>
>>> <ds:DigestValue>/C9k4/6oD79YVjJ2UX8TJ/BtZhwsvQhUSVTf1vJ1hhQ=</ds:DigestValue>
>>> </ds:Reference>
>>> </ds:SignedInfo>
>>> <ds:SignatureValue>
>>>
>>> F8iyL6C+vUTrxkTAAdnyaXztmCZFqxaVkTURD7gb9cMxZlo6VuSS1eJFw7kOr1aLK3XM0qHELBKe
>>>
>>> CiaaKUFS+14WcBwzgJj36WzzT2dB95cQMI47xFbTJN5nP8Yk6riJE7SR4NCAnMIn4dj9HgSBmhLH
>>>
>>> K1D9b5zk72GRS4obOAb0Fuvz/dNFh4gOmxv4++wGdI1Bds4326VyloWJTMPgShJ4DFokLx9ldTz/
>>>
>>> vNMHtWYN66OurK9Kf8Oxaqi+aj6Mdlv38YJXF1GsRHF3wQoeYmSFeESYJtY+eb+2nF6U7Z7h2lvL
>>> fKHkjrDuF2CH2pH2fYAl0frufCgKr2JP0HB2/A==
>>> </ds:SignatureValue>
>>> <ds:KeyInfo>
>>> <ds:X509Data>
>>>
>>> <ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG
>>>
>>> A1UEAwwMaWRwLWhjbXV0LnZuMB4XDTE2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG
>>>
>>> A1UEAwwMaWRwLWhjbXV0LnZuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6
>>>
>>> 7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y
>>>
>>> s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI
>>>
>>> JMnsSWfnnx2+eTi87/pYudVmRs6/YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/
>>>
>>> C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9
>>>
>>> mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman
>>>
>>> RKfg5o4wPAYDVR0RBDUwM4IMaWRwLWhjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv
>>>
>>> c2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr
>>>
>>> G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW
>>>
>>> 45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa
>>>
>>> ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg
>>>
>>> g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M
>>>
>>> 2Q==</ds:X509Certificate>
>>> </ds:X509Data>
>>> </ds:KeyInfo>
>>> </ds:Signature>
>>> <saml2p:Status><saml2p:StatusCode
>>> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
>>> <saml2:EncryptedAssertion
>>> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
>>> <xenc:EncryptedData Id="_bc6eb3862cd6b26297f3518e4fe42403"
>>> Type="http://www.w3.org/2001/04/xmlenc#Element"; xmlns:xenc="
>>> http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm="
>>> http://www.w3.org/2001/04/xmlenc#aes128-cbc";
>>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
>>> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>>> <xenc:EncryptedKey
>>> Id="_3acb09cb5c3e9ecb5f7cae320ac842ea" Recipient="
>>> http://sp-hcmut.vn:8000";
>>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
>>> <xenc:EncryptionMethod Algorithm="
>>> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
>>>
>>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><ds:DigestMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#
>>> "/></xenc:EncryptionMethod>
>>> <ds:KeyInfo>
>>> <ds:X509Data>
>>>
>>> <ds:X509Certificate>MIIC1jCCAj+gAwIBAgIJALbKmuXGyV3TMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYDVQQGEwJWSTEM
>>>
>>> MAoGA1UECAwDSENNMQwwCgYDVQQHDANIQ00xDjAMBgNVBAoMBUhDTVVUMQwwCgYDVQQLDANlZHgx
>>>
>>> DjAMBgNVBAMMBUhDTVVUMSowKAYJKoZIhvcNAQkBFhs0MTIwNDIxOXRoZXRydW9uZ0BnbWFpbC5j
>>>
>>> b20wHhcNMTYxMDI3MTY0NTI1WhcNMjYxMDI3MTY0NTI1WjCBgzELMAkGA1UEBhMCVkkxDDAKBgNV
>>>
>>> BAgMA0hDTTEMMAoGA1UEBwwDSENNMQ4wDAYDVQQKDAVIQ01VVDEMMAoGA1UECwwDZWR4MQ4wDAYD
>>>
>>> VQQDDAVIQ01VVDEqMCgGCSqGSIb3DQEJARYbNDEyMDQyMTl0aGV0cnVvbmdAZ21haWwuY29tMIGf
>>>
>>> MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYR53GA1rs606WaNBu1S+E7L3s5+XjhA5x5UvqzxGl
>>>
>>> dxhRmModYOY8pEMELaJOPiUt8XG4UvVX82z8tMgpTu2VTuZPf2n2zX8mVKWht1CsAKwhiuMvOODh
>>>
>>> n5NpODbVV0waX68zIgzXcSyrEV30H66NsANMTaoIia8f/+ibp5kJMQIDAQABo1AwTjAdBgNVHQ4E
>>>
>>> FgQUcZ99ZIb0ca+SEdxlD7phyNgthUEwHwYDVR0jBBgwFoAUcZ99ZIb0ca+SEdxlD7phyNgthUEw
>>>
>>> DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7EXsQnaxuU9LdlywNEymxjA0NLXTe1vHR
>>>
>>> 4py2GmeeQFSUmf4jkH9GwVDCJS8l7AhcHd4c45N1CWlYtOfiDCRf1orW91AYIXpCKreSXo7xn1Mz
>>>
>>> gpgVgPzJCZGdCjh5bhV8Cexyq9eSS/5O6SPRZV0kd4WacSPYaIdq9/aEGJHwsg==</ds:X509Certificate>
>>> </ds:X509Data>
>>> </ds:KeyInfo>
>>> <xenc:CipherData xmlns:xenc="
>>> http://www.w3.org/2001/04/xmlenc#";>
>>>
>>> <xenc:CipherValue>e2HC9vvbqzLswQ+jCj3Xf/8cx2OxONqJ3mRF+W/Mg7Dal++7K8dK2XQ4dYWBs1UNytLRHRNskd2V
>>>
>>> fRgBbk+GX89DdFJ4a7lPjf+IiWC2VvbNv+SbdBuV8YkrBJnnV2Ra3gzH9CRZrmubBcx+foeeCmBh
>>>
>>> SZkp0lLY7ppKrvXdueg=</xenc:CipherValue>
>>> </xenc:CipherData>
>>> </xenc:EncryptedKey>
>>> </ds:KeyInfo>
>>> <xenc:CipherData xmlns:xenc="
>>> http://www.w3.org/2001/04/xmlenc#";>
>>>
>>> <xenc:CipherValue>72Xbw+wuG23Jvd5B0jmi75KfMv7TrYcV79ZybGkc/2wcOkX756qPE79Fc+NngvZ0+8cZiKpdk8j9
>>>
>>> AO6ZA9Z/lpca3Sojxuv20mJrm2IdNxGyawGZqF5xvYvgeXHPaWiLWfWPjYPb5gBVhcGeQllycCKq
>>>
>>> lhChEQiwClPRh/9/hlaQsimT0DhLBvvwHaglNawuzXJtvkz6KaGHS2l6Clcl56l8/lKNYq85iofq
>>>
>>> XGzWMsSVLCzSkJ2iDX5zwskxaLsczEcTglEpgEK02/mUQ6qveWML7LAPOd+UB0fxKbnwYsSiu4le
>>>
>>> TaCFxghddP1s+oufTy2ZeUYNZ4xUd2HSRM2IT3Sslxvc4P2BJQDEjJ0wczrH+J5nFfs3nTKmggbw
>>>
>>> xlpUU1jX4QoQCRbtKG47ZWxmwHMYsblMq4q3dZoqWJNHLYv8UJ8jYVe2xpsk7zTWSn2RNjZKqIIr
>>>
>>> ZfVYRpDKukbdbq6k3U4EZP2BPvvmh5Hwpg8pbo2aD/vfata4A0VEI8Pq/V47j0oOV5y6fEGjg7rg
>>>
>>> eNAV4cVorNyRfDis/7FB59o93b738pqSTlvaSnqBvZk4JFUJaTbIlnyUd9ejvzpwf1z3PGIdFU1E
>>>
>>> viEUyLzHr/SaS1MyqJtBa8gq0nhOKtjKp9cTi2OdL7LIQmw8ECwwBZVUwXtt0VY3Tt3VxY18O14W
>>>
>>> qY1H45459ae9EKzJeIEEWH1nda8H+/foi3VUBMDvCqWogMnh2KbiATwtbVOEbR3+fECo1+C382fj
>>>
>>> 65/3TTJWXSLcPV+EHkc00qx2Q6HbLVgBBRIKgsEW4gVblzaq4KXGKun7H0DbXmviIfeB1TTjBnP+
>>>
>>> lxPqiExYk2gbgOQOz1mcygkO1JsLH53Xo84ZecpgTUPXPNZb8irGPxjIv4KogTclOok4BT7o5I65
>>>
>>> u4io1P8N+2k5iMqALhNJFBsnLyRV+nheQCsybY9GDGHDXnJvZ6sDfpxv0OQNmOiQGLte3WHdAR6/
>>>
>>> adybbgXqToVxp7Kn6SA9i4Ve/jkcKdqqfedcGQX15fHJ2FJBXe4LpQj3QQRXOqUEPDQ/RZcN0R5j
>>>
>>> sJtiNFT+tbV4gMDKNXaG2nMvwFbhz03ARRPJW6i37NZf+egNdsVnCHhQtXrp5D0uFS4jRxkUEP6P
>>>
>>> /fWTZKgGbJarIxAPb+YnVTYV74DzMkkiDheKCNjWKvkui7Jav57ejsxbkPx6PRZ/ZuiQD3Qh5+Vq
>>>
>>> UCU+jR245qYdwQ5SajMFBkkzgsrz1pBAz4/xA29qIohvosV0ssMBap1Cl9htph/sLY5fNYx8zRB3
>>>
>>> RIqN3hCogPFvHtb7dHZD8qeobmmKdsfI5OrzhPjrmDChYgOstlakGKzgnft609tYlR37yR8Jm9W9
>>>
>>> Gn5UtpUGFgknjxRxt8mcv/nYHFvvTwbIHRBeTuA0w8J6LnZdluwzJSoXJ8EhfMHgFByh7vld5vb2
>>>
>>> oydDfQbFikdU2NNDk8eUFXxyzc91zTQbyrxo/pza3EwyisWl2q4Jov9enxNaxqmyuiqDLQqGSfIc
>>>
>>> QIgiIxuLkESfk1Hhu4YmUyObpQ1y1vQ5JZ5IQyOH70yLpGrhDZTUPbnSoB+RgaWYJyPyrHKPSclw
>>>
>>> YsBe/1BXtTuKw8CKtER2w4f8isz2cucgCS1c8aSW1Re+q74fuJThPe30LlKrALx3CHEn0s4jzVHc
>>>
>>> fVwgY3BdD9E9709m9an7RTMMdshluIBQwI22ywtFpXKV8NRdvUNqBjUYJttS2C08Ie7uqnPmGgvY
>>>
>>> xheRPD2/hheUJ0ka+KFMgGmPrYNrv+S8SgJ6CbzbeHRkMq6l30zvtLZ+kE0R4vqaCuRojEQlkKCb
>>>
>>> jInSUUpLRy4IgIt3nmMtdFVYIQRcH56eAfE8kopbjOCIxo76NbgR0MEoaDSkbFTZI0Ldqp969DOK
>>>
>>> A7ZbCM2wx5lTGl4wSMk8cx/CKkYilnzSHwAvSsQPrfJ82MDwg1xhX5OzGwLJJ7YNWgsr5tv8g2I6
>>>
>>> pCUjmhgaWsn1wiIV4mBRl/qL54/52PYLLrtahUbNiDaaXgk/usWQ9QmuVhWlsO8g9Blb8lHeb7JY
>>>
>>> wJRuNtFa1ulbAUQXVyy/7jt4Zydhrufu9CEUfi0tD8SQR5z1DUSR1Vex7rtoCS1Js3MWOt8l7OcQ
>>>
>>> HuMS50ZflY8GDudiUpr15xBiwkhp2xZT/LGOapezeXllkJFycRgHqRfmX7ZEl8t4T3VNmui5liWN
>>>
>>> rO0OI3I5qSwsl8yqKa3ZXqfxGSC0fYRocTN2GWuWepk9rpHsmL5JqHxlfPqGD1rSRJnXRRlZG2uK
>>>
>>> /ouw/lBaZBs9ytnk6xHy9waEnkcV4FV75mBCnwIuERNLtMPjUeMq3dZpb4ndzbAwuLztlOcrB3gC
>>>
>>> vRlkjo4koxXglZ5oqU+eMDL3oAUpj6kC8Uy2deI8VGrX90GcSouSzl0PhUMCPaAMXntuAijFQsdJ
>>>
>>> hnHDr3lCh+6U3OsfQZuCtS77xilg6PnXwgOGVjSkUMJ9YhVYIpsnFnV3Fci5UPKL7Hj0znRlQmjT
>>>
>>> Vo55FblrfrSgM+4+aedT5o8hgJPuV+YI/+aJFViYBUpthueUkN2WUCNu9Us8WGGbitDsSJ+JnWv/
>>>
>>> GH4kVGC8n21rxe9LObSj2+8CyBGE/TtMIodx72Fr0Xhc6506dOcKFnWIgGcRXIhAxpW21d9e8a0O
>>>
>>> +5jiyuV/lAw7vtzrw36ULeGYuACBcZ3FMJURvh1gzTkEIJY7NBhbjXrAylOAQ9omiD9xC9u0NBXZ
>>>
>>> 58vDq7XrQrfIIfh2kRtPqKSrnHkpLDITng/S3LEQw406pjszm4wSHjjSGgBEwuaF+TF0wuvQxBx2
>>>
>>> rLE7fRVgdBRCLUN9uVnKgVnIq8vClRvD71dVSrb2BaSNhD5oDIVGpe6BG8VKqVNM5/q0ulxBMe/s
>>>
>>> zsyMJbNeaz5HnrDPqst5sN84R4m3cAJiDeiJ1VR6MEUYI10PI0CUtHiI5PvBqQ/oC5tteJY+Pinr
>>>
>>> nMMDOVxJA4kOUIwh2lU9Qaik6tae3baH3JCVGvldBrJN/vmUI1GYe0FHXkmNgvVF2jQWrPW10c1L
>>>
>>> VpApbRCN8t7L2GKto+2ZAHNWffbRL0tOZYDJBvsxwlRcpwCBo94wWXcCD32rEq1OHcye/4Rj0FAy
>>>
>>> QWenMc7QwxiD8aOL2oPa421jHHqRIQip30SNO6jfIUrtb4k8jFVSyBLx4nBDInn0GDco/QNYlbmv
>>>
>>> bhOejTKrOWVTYT+e2DJ/7JyMUqEH11WxFj1rI6r0tQeoPwDM/YM=</xenc:CipherValue>
>>> </xenc:CipherData>
>>> </xenc:EncryptedData>
>>> </saml2:EncryptedAssertion>
>>> </saml2p:Response>
>>>
>>> I think,the reason that is" Assertion" is encrypted
>>> (saml2:EncryptedAssertion).
>>> Thank for your help,Braden!
>>>
>>>
>>> Vào 04:37:23 UTC+7 Chủ Nhật, ngày 06 tháng 11 năm 2016, Braden MacDonald
>>> đã viết:
>>>>
>>>> Hi,
>>>>
>>>> Please read through this past thread and try the suggestions in there:
>>>> https://groups.google.com/d/msg/openedx-ops/d-rmACND180/ZuLbMh9SIAAJ
>>>>
>>>> Let us know if that helps!
>>>>
>>>> --
>>>> Braden
>>>> @OpenCraft <http://opencraft.com/>
>>>>
>>>> On Sat, Nov 5, 2016 at 2:41 AM, truong nguyen <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi everyone!
>>>>> My purpose is use Shibboleth IdP v3 which installed in tomcat 8 server
>>>>> to authenticate username/password.I have checked my IdP server (
>>>>> http://idp-hcmut.vn) with Testshib,it's successfull.
>>>>> Then I intergrated my Idp server (http://idp-hcmut.vn) to Edx,also
>>>>> successfully,I follow these instruction:
>>>>>
>>>>> http://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/open-release-eucalyptus.master/configuration/tpa/index.html
>>>>>
>>>>> *Problem* is when I login into edx (register/sign in) use my IdP
>>>>> server,It redirected me to my edx (it's ok) but Message:
>>>>> *An error occurred.*
>>>>>
>>>>> *Authentication failed: SAML login failed: ['invalid_response'] (There
>>>>> is no AttributeStatement on the Response)*
>>>>>
>>>>> my edx-server is http://sp-hcmut.vn:8000.
>>>>>
>>>>> Please help me solve problem!
>>>>>
>>>>>
>>>>>
>>>>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <https://lh3.googleusercontent.com/-Rj3Y6DTfr1g/WB2pNYf4rfI/AAAAAAAAAGw/1QnA7TO0hCIUFCrCLIs4sFfo5PtKuGHdACLcB/s1600/error.JPG>
>>>>>
>>>>>
>>>>>
>>>>> <https://lh3.googleusercontent.com/-ipIhPCvtqC0/WB2pEuwiiOI/AAAAAAAAAGs/qB94fo6L30sO3SM7Xrfsy7eo8ToeblKaACLcB/s1600/IdP.JPG>
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "General Open edX discussion" group.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/edx-code/7a914c02-402b-48ef-a15a-616cacff3472%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "General Open edX discussion" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/edx-code/f35f1cc6-3c83-43d6-aad3-2785678e27d1%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/edx-code/f35f1cc6-3c83-43d6-aad3-2785678e27d1%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"General Open edX discussion" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/edx-code/08e40cec-14d3-4d33-b617-670a4e00b628%40googlegroups.com.
