Hi Ken, If the RelayState is hardcoded in your implementation then your SAMLResponse will not be accepted. You have to return the value of the RelayState parameter that is sent you together with the SAMLRequest, without any modifications.
Claudio On Sun, Nov 6, 2011 at 11:10 PM, Ken <[email protected]> wrote: > I'm sorry to bring this up because I see hundreds of similar posts, but > none of those resolutions have helped me. Can someone please give me some > pointers with my SAMLResponse? > > Thanks! > > <?xml version="1.0" encoding="UTF-8" standalone="no"?><samlp:Response > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc=" > http://www.w3.org/2001/04/xmlenc#"; > ID="902cc712-2a53-4196-894e-2d67353efddc" > IssueInstant="2011-11-07T06:40:39Z" Version="2.0"> > <samlp:Status> > <samlp:StatusCode > Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> > </samlp:Status> > <Assertion ID="14a1d3c3-d6a5-4301-b384-a0e2d1fcd699" > IssueInstant="2011-11-07T06:40:39Z" Version="2.0"> > <Issuer>Ken</Issuer><Signature xmlns=" > http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethodAlgorithm=" > http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethodAlgorithm=" > http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ReferenceURI="#14a1d3c3-d6a5-4301-b384-a0e2d1fcd699"><Transforms><Transform > Algorithm=" > http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethodAlgorithm=" > http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/IhaZklJx+GJODMvu4zuqtHL6fo=</DigestValue></Reference></SignedInfo><SignatureValue>RkPqjjsGvTfTNbuyL9v6wAc01akfccj5tw+OqfWj/qK840nvtDqrumSclJQF4kcmZ9YmvQzoVP+b<http://www.w3.org/2000/09/xmldsig#sha1%22/%3E%3CDigestValue%3E/IhaZklJx+GJODMvu4zuqtHL6fo=%3C/DigestValue%3E%3C/Reference%3E%3C/SignedInfo%3E%3CSignatureValue%3ERkPqjjsGvTfTNbuyL9v6wAc01akfccj5tw+OqfWj/qK840nvtDqrumSclJQF4kcmZ9YmvQzoVP+b> > > iInGtzevvCb278iw060XcpJHxS5B86fFPRINUIHSBmDnT4r175WBOFw5qj2WatJ66PDSvDcw3i7o > > vTrCqTkcVsULYzKzK4INYgrpWhWfjSewEqEXoBqkMvbtZF8IKDyPh6Y2t9g0mMVzo8gR4XX0ucgA > > o8V5ifgOTuOderb42g6kpC8gV7nM2V3svpbkR8vNg4TlssDuscqP56Q3vw00ZVyNlGZKcEz4RKGr > 47hVFAg8QP7RmJSOSPx24PeGKRyE3lF4ohChng==</SignatureValue></Signature> > <Subject> > <NameID > Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> > [email protected] > </NameID> > <SubjectConfirmation > Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> > <SubjectConfirmationData > InResponseTo="dajklfijoimgcdlgekkkohdpbaajpbpkmbaeaebh" > NotOnOrAfter="2011-11-07T06:45:39Z" Recipient=" > https://www.google.com/a/mydomain.com/acs"/> > </SubjectConfirmation> > </Subject> > <Conditions NotBefore="2011-11-07T06:35:39Z" > NotOnOrAfter="2011-11-07T06:45:39Z"> > <AudienceRestriction> > <Audience> > https://www.google.com/a/mydomain.com/acs</Audience> > </AudienceRestriction> > </Conditions> > <AuthnStatement AuthnInstant="2011-11-07T06:40:39Z"> > <AuthnContext> > <AuthnContextClassRef> > > urn:oasis:names:tc:SAML:2.0:ac:classes:Password > </AuthnContextClassRef> > </AuthnContext> > </AuthnStatement> > </Assertion> > </samlp:Response> > > P.S. RelayState is: > > > https://www.google.com/a/mydomain.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fa%2Fmydomain.com%2F<mpl=default<mplcache=2 > > -- > You received this message because you are subscribed to the Google Groups > "Google Apps Domain Information and Management APIs" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-apps-mgmt-apis/-/FgqJ9itMnN8J. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-apps-mgmt-apis?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
