You need to sign in to do that
Don't have an account?
ErinForce
SAML assertion invalid; unable to parse
My login history shows Failed: Assertion Invalid
The SAML Assertion Validator says Unable to parse the response
XMLSpy says Unable to locate a reference to a supported schema type (DTD, W3C Schema) within this document instance.
I generate this response with C# and have used it in a previous project without problems. Any ideas on what I'm missing/doing wrong?
<samlp:Response ID="_E27F438B33756518E90C7E3AC535B439" Version="2.0" IssueInstant="2011-10-06T11:55:47Z" Destination="https://test.salesforce.com" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.salesforce.com</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI="#_E27F438B33756518E90C7E3AC535B439"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <InclusiveNamespaces PrefixList="#default saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/> </Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>En5W1EvQScxxBQRO7YHZO9rhitE=</DigestValue> </Reference> </SignedInfo> <SignatureValue>UQoEZIb9tEOmIsIsRIuxmR5m3PkTSAuvo2O4IZFetDLImgdLcyEgyFJMzLraYGDE2rwuh+CrXBDAiOQITXACZJzvlmu1J9LkS58yIhWR3ueuRCO9E/4qB0C6NVm+sMg8cLghri5Tkrmw/yEwjdxYpNhoK3C1FGLw6/vDWuMrUBQ=</SignatureValue> <KeyInfo> <X509Data> <X509Certificate>MIIBsDCCAV6gAwIBAgIQ17uprPrVF71GkQt76KKJQDAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEwMTAyMDE3MzgxOVoXDTM5MTIzMTIzNTk1OVowEzERMA8GA1UEAxMIQU1TQVBQOTQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJGSOhFOHH4Mo9S5z4rSzgZKQnJPWRsGjvVYPoPHfn2kWCISrxam6p4f4m5xNrUQIJ9Y1QP6LZRK7NURkNo1TvzRLlyuzTH/5hBAmFKV3g89lIFfnIRbiBW7hWld8kJHyK79ZPAYl93VjvPgs1xLpIoX3zBqFDQ3YxSeMbYDeSWvAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAev9UMjxR8RFYHT3hjILBCNjPVIWPcUey41dNWilkQZIBq99c58N4bL9zjOrX4+ri/8w8bHqd6gIbtASMEz0HpQ==</X509Certificate> </X509Data> </KeyInfo> </Signature> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion Version="2.0" ID="_64A96C56928D068794CC29675229BC6E" IssueInstant="2011-10-06T11:55:47Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://www.salesforce.com</saml:Issuer> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@company.com</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData NotOnOrAfter="2011-10-06T12:05:47Z" Recipient="https://test.salesforce.com"/> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotOnOrAfter="2011-10-06T12:05:47Z"> <saml:AudienceRestriction> <saml:Audience>https://saml.salesforce.com</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2011-10-06T11:55:47Z"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion> </samlp:Response>
Are you still having this issue? Let me know and we can take a close look. Sorry about the delay