Hi, thank you for your answer. Here is the translated error message: System.Xml.XmlException: MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid. ---> System.ArgumentException: ID4128: The value is not a valid SAML ID. Parameter name: value ---> System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37. em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType) em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) --- End of inner exception stack trace --- em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message) --- End of inner exception stack trace --- em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message) em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader) em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader reader, NamespaceContext context) em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage) em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection) em Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form) em Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest) em Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext) em Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request) em Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler) em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
System.ArgumentException: ID4128: The value is not a valid SAML ID. Parameter name: value ---> System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37. em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType) em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) --- End of inner exception stack trace --- em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message) System.Xml.XmlException: Name cannot begin with the '7' character, hexadecimal value 0x37. em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType) em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) There is a huge chance that I configured something wrong. Igor Steuck Lopes ----- Mensagem original ----- De: "Erik Weber" <terbol...@gmail.com> Para: "users" <users@cloudstack.apache.org> Enviadas: Terça-feira, 10 de maio de 2016 17:24:13 Assunto: Re: ADFS + CloudStack problem I haven't tried since I wrote that post, but it worked back then. Any chance that you could translate the error messages? Erik Den tirsdag 10. mai 2016 skrev Igor S. Lopes <i...@rsantos.eti.br> følgende: > Hi, > I am working with CloudStack and I'm indending to use it as a Service > Provider connected through SSO with our Active Directory Federation Service > . > I have no Idea how to allow CloudStack to authenticate on the ADFS . > I tried to follow this guide > http://www.terbolo.us/2015/06/how-to-set-up-apache-cloudstack-4-5-24-6-0-and-saml-2-0-authentication-against-microsoft-adfs/ > but > a few problems showed up: > > 1 - Even though I had set the URL metadata to > https://<domain>/FederationMetadata/2007-06/FederationMetadata.xml > when I checked /var/log/cloudstack/management/management-server.log > for error messages I saw a few saying that CloudStack couldn't retrieve > the metadata file. So I did it manually. > > 2 - I configured the ADFS claims as showed in the 'how-to' but the > following error message shows up on my ADFS Event Logs. I already spent a > couple hours browsing about this error but > nothing really usefull came up: > > Error code: 364 > (...) > System.Xml.XmlException: MSIS0018: Não é possível ler a mensagem do > protocolo SAML porque ela contém dados inválidos. ---> > System.ArgumentException: ID4128: O valor não é um ID de SAML válido. > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode > ser iniciado pelo caractere '7', valor hexadecimal 0x37. > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType > exceptionType) > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) > --- Fim do rastreamento de pilha de exceções internas --- > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) > em > Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader > reader, SamlMessage message) > --- Fim do rastreamento de pilha de exceções internas --- > em > Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader > reader, SamlMessage message) > em > Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader > reader) > em > Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader > reader, NamespaceContext context) > em > Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String > encodedSamlMessage) > em > Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri > baseUrl, NameValueCollection collection) > em > Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri > requestUrl, NameValueCollection form) > em > Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest > httpRequest) > em > Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest > request, ProtocolContext& protocolContext) > em > Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest > request) > em > Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest > request, ProtocolContext& protocolContext, PassiveProtocolHandler& > protocolHandler) > em > Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext > context) > > System.ArgumentException: ID4128: O valor não é um ID de SAML válido. > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode > ser iniciado pelo caractere '7', valor hexadecimal 0x37. > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType > exceptionType) > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) > --- Fim do rastreamento de pilha de exceções internas --- > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) > em > Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader > reader, SamlMessage message) > > System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere '7', > valor hexadecimal 0x37. > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType > exceptionType) > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value) > > > There is a few parts in brazilian portuguese, sorry about that. > Did anyone succeeded in connecting CloudStack to an ADFS using the Saml > plugin? > > Thank you in advance. > > Igor Steuck Lopes > > -- > Este email foi checado por SOPHOS UTM 9 SPAM & Virus Firewall. > http://www.rsantos.eti.br > -- Este email foi checado por SOPHOS UTM 9 SPAM & Virus Firewall. http://www.rsantos.eti.br