Hi ! 

I'm trying to authenticate to google-apps with SAML, but I always get "This 
account cannot be accessed because the login credentials could not be 
verified" error.

According to the google-apps FAQ, this is mainly a key issue, but I'm pretty sure 
of my public/private key pair.
I have also tested my signature with the xmlsec tool.


Here is my response to the Google SAML request:

<!-- SAML 2.0 Response as posted, with review notes added as comments.
     The ";" that follows several quoted attribute values below looks like a
     mail-archive rendering artifact; as written the markup would not be
     well-formed XML. Compare against the message actually sent. -->
<samlp:Response ID="_ebf78bb2-6d04-42ec-9359-6e789a3fa5ed" Version="2.0" 
IssueInstant="2012-02-01T13:28:13Z" 
InResponseTo="akdpapfakbpjikniomblgbddeobokabkaaahcgdk" 
Destination="https://www.google.com/a/avencis.net/acs"; 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- NOTE(review): the Response has no saml:Issuer child of its own (only the
     Assertion carries one). The Web Browser SSO profile expects an Issuer on a
     signed Response; verify against the profile and the service provider docs. -->
<!-- Enveloped XML signature. Reference URI="" plus the enveloped-signature
     transform means the digest covers the whole Response document.
     NOTE(review): canonicalization is inclusive C14N (REC-xml-c14n-20010315);
     SAML recommends exclusive C14N (http://www.w3.org/2001/10/xml-exc-c14n#),
     and a canonicalization mismatch is a common reason a signature that checks
     out locally fails at the relying party. Confirm what the verifier expects.
     NOTE(review): rsa-sha1 and sha1 are legacy algorithms; prefer the SHA-256
     variants where the service provider accepts them. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
     <SignedInfo><CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
     <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
     <Reference URI="">
     <Transforms>
        <Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
     </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
    <DigestValue>...</DigestValue>
     </Reference>
   </SignedInfo>
   <SignatureValue>...</SignatureValue>
   <!-- The embedded RSAKeyValue is only a hint. A relying party should verify
        against the key or certificate registered out of band and must not
        trust a key just because it travels inside the message. If this key
        differs from the one registered with the service provider, verification
        fails even though a local xmlsec check against this key succeeds. -->
   <KeyInfo>
     <KeyValue>
       <RSAKeyValue>
       <Modulus>...</Modulus>
       <Exponent>...</Exponent>
      </RSAKeyValue>
   </KeyValue>
  </KeyInfo>
</Signature>
<!-- NOTE(review): the status URI below lacks the "SAML:" segment. The value
     defined by SAML 2.0 core is urn:oasis:names:tc:SAML:2.0:status:Success. -->
<samlp:Status>
   <samlp:StatusCode Value="urn:oasis:names:tc:2.0:status:Success" />
</samlp:Status>
<saml:Assertion ID="_e914c022-e6df-4b0b-9081-c1015989845f" Version="2.0" 
IssueInstant="2012-02-01T13:28:25Z" 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<!-- ISSUER_NAME, username and ACS_URL look like redacted placeholders. -->
<saml:Issuer>ISSUER_NAME</saml:Issuer>
<saml:Subject>
    <!-- NOTE(review): SAML core defines the e-mail name identifier format as
         urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress (1.1 prefix,
         capital A). The Format value below is not one of the defined URIs. -->
    <saml:NameID 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailaddress">username</saml:NameID>
    <!-- Bearer confirmation: whoever presents the assertion is accepted as the
         subject, so the confirmation data is what limits replay.
         NOTE(review): only Recipient is set here. The Web Browser SSO profile
         also expects NotOnOrAfter and, for a response to an AuthnRequest,
         InResponseTo on SubjectConfirmationData. -->
    <saml:SubjectConfirmation 
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
       <saml:SubjectConfirmationData Recipient="ACS_URL" 
/></saml:SubjectConfirmation>
</saml:Subject>
<!-- Validity window is two hours (13:28:25Z to 15:28:25Z). For a bearer
     assertion a window of a few minutes narrows the replay exposure. -->
<saml:Conditions NotBefore="2012-02-01T13:28:25Z" 
NotOnOrAfter="2012-02-01T15:28:25Z">
    <saml:AudienceRestriction>
      <saml:Audience>google.com</saml:Audience>
    </saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2012-02-01T13:28:25Z">
<saml:AuthnContext>
<!-- NOTE(review): as with the status code, the "SAML:" segment is missing. The
     defined class URI is urn:oasis:names:tc:SAML:2.0:ac:classes:Password. -->
<saml:AuthnContextClassRef>urn:oasis:names:tc:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>

