• Emmanuel telmon
  • NEWBIE
  • 0 Points
  • Member since 2019

Hi,

I received a successful login in the SAML RESPONSE using SAML SSO (SP originated)

But I do not understand why the SAML Response validator tool (on the SF website) returns the following:
invalid_grant, invalid assertion


What is wrong with the following SAML Response?

<?xml version="1.0" encoding="UTF-8"?> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://zimit.dyndns.biz:5000/acs" ID="_b4f506626f60836832fec8afe3a6e43c1560292940423" InResponseTo="_97d26c1d-f354-4d98-af9f-e473a8021ed2" IssueInstant="2019-06-11T22:42:20.423Z" Version="2.0"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://zimit-dev-ed.my.salesforce.com</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_b4f506626f60836832fec8afe3a6e43c1560292940423"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml samlp xs xsi"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>psjhGPpxucOBnXvtzOJz6eP+QyM=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Q1TomO/zVxOFx89xE0wKg53CzFk6jfBk/hjbOILSIoZbgpbLWmLPUSUhQdVGFn4M1ofdw4gw7kbX in7Ir56TuKGqMINRfK9bzk52x+z1Ma9tp0bmSoSB6Si7U2GCrDMezDcU4T0zEm+zOPg1rgcE6Xit kndjpbXWSkwUvM2CTPkf8R5/5gIFGvAKmmGs6s4hyxs8ytAA4D31LOk4nT4gH/MFeyvcA+b5O8oy TkRmi4EX5dmzgVeLC/H5v2xCDsBsEKTwcRa5sIpu0xxslvqv7EQJKn9zYTpi0JTHfc9DR/NnWaQH 9PCBhi0f4njazX2jNZ6NqiDpfGkMxNyCi9rNeg== </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIEgTCCA2mgAwIBAgIOAWdQmsavAAAAADtTBpYwDQYJKoZIhvcNAQELBQAwgYIxGjAYBgNVBAMM EVppbWl0X1NTXzExXzI2XzE4MRgwFgYDVQQLDA8wMEQzNjAwMDAwMFp0SXExFzAVBgNVBAoMDlNh bGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UE 
BhMDVVNBMB4XDTE4MTEyNjE1MTkzOVoXDTE5MTEyNjEyMDAwMFowgYIxGjAYBgNVBAMMEVppbWl0 X1NTXzExXzI2XzE4MRgwFgYDVQQLDA8wMEQzNjAwMDAwMFp0SXExFzAVBgNVBAoMDlNhbGVzZm9y Y2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutF5Z7nKVe57tAxckUjf3uU+5bzP7+8R NUNlmp49LKz9TQEHu98K8TRNjLll8LiyKWx1ETHQd7He5yo0Mb8TSLd+LZ+8lhw3BzO13/BrQWN6 4YBlaJptHCRWlKh/qjLZq2ctVztUZ8GkaUPM+Xu8gJYXxqOm4vcCeC0G0uKDHZFn23ZftLseFI2K 5krG3aFZX4SOOsFF0gyV2rynNpaaAFegShweqLY9cRGbjAGSaTT7BwFxU0cTrAUzDs7EsQYiOKIG jSDjqE4QR3FfSsSCP6a0KHT4WwHHzdNHTLcQo2BPnsnwI1f+eK03wRIkomqW2qtvK2XiYC/PjUqp 89ygnQIDAQABo4HyMIHvMB0GA1UdDgQWBBRDqm9UpG3NeCtbDE7/xTGup9ogpTAPBgNVHRMBAf8E BTADAQH/MIG8BgNVHSMEgbQwgbGAFEOqb1Skbc14K1sMTv/FMa6n2iCloYGIpIGFMIGCMRowGAYD VQQDDBFaaW1pdF9TU18xMV8yNl8xODEYMBYGA1UECwwPMDBEMzYwMDAwMDBadElxMRcwFQYDVQQK DA5TYWxlc2ZvcmNlLmNvbTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzELMAkGA1UECAwCQ0ExDDAK BgNVBAYTA1VTQYIOAWdQmsavAAAAADtTBpYwDQYJKoZIhvcNAQELBQADggEBAGBpLAJax4efGSlH 8V6M24q/6Tm5Li8S6/s925/LVjooqonqsqqsemaR13Bxq6GIszHOJIU1BiyB9kxnMcxFsOfyorR7 oNfc5RvfjSNn8QRHy/xpDBOtx/QBEuOWKPwDqV3fXiMStNEN3NMiX/t2RepnZle45tMiPi/vnWsa n9EnYxlNcRmfan+liRYL+KFsIY2BycyHugyzpMAwjsRZPYhPxYewtyQj0RUV3mb0wNgjiCDKydPX KmNDwTMb0a9erjEJ7twttBsE7/AwLNO3Y3a+Kbhh2+3LLxJ5DQmGZorfZoLz3dVJHYbLFO4y13mK wwSxIPoCRT+LjG3cfcu/0js=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_729b075a9ae3301514cbeb7db39f204e1560292940423" IssueInstant="2019-06-11T22:42:20.423Z" Version="2.0"> <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://zimit-dev-ed.my.salesforce.com</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_729b075a9ae3301514cbeb7db39f204e1560292940423"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs xsi"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>aYZmrvjN40qDA0gB2Y7ml69YNms=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> gcAkJTW8vY1E3pIY595NWPvNHKYQQwhXdIT5U8HheS/Q58WWkVbc1ef2wsYKHjOBBzJKC04YQu8J ODYxpB9sZ9PW3YyWwq6XJssmv9+H9J+n1jZL/yomZI98yTIwhmK/YY6YWW+lnLgMAcna0iqtb+la XqP+wNQnLhG3tuyIFkde4jNzg52ToS8ntPqTksVeXeJ0cdD73LyFJpxBVmCGtTMvkZrGgiMMIL4J Ysw5ny5mfTZf66vRsX5oUklHXP41Iluj/NQaNf4IiVYZHiQV1Paimvh4pDMWhszazZxpBhXWXHFw y43KwcagIbXI/1LRjYaovMAD63VkSnC8bOtqUA== </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIEgTCCA2mgAwIBAgIOAWdQmsavAAAAADtTBpYwDQYJKoZIhvcNAQELBQAwgYIxGjAYBgNVBAMM EVppbWl0X1NTXzExXzI2XzE4MRgwFgYDVQQLDA8wMEQzNjAwMDAwMFp0SXExFzAVBgNVBAoMDlNh bGVzZm9yY2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UE BhMDVVNBMB4XDTE4MTEyNjE1MTkzOVoXDTE5MTEyNjEyMDAwMFowgYIxGjAYBgNVBAMMEVppbWl0 X1NTXzExXzI2XzE4MRgwFgYDVQQLDA8wMEQzNjAwMDAwMFp0SXExFzAVBgNVBAoMDlNhbGVzZm9y Y2UuY29tMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQswCQYDVQQIDAJDQTEMMAoGA1UEBhMDVVNB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutF5Z7nKVe57tAxckUjf3uU+5bzP7+8R NUNlmp49LKz9TQEHu98K8TRNjLll8LiyKWx1ETHQd7He5yo0Mb8TSLd+LZ+8lhw3BzO13/BrQWN6 4YBlaJptHCRWlKh/qjLZq2ctVztUZ8GkaUPM+Xu8gJYXxqOm4vcCeC0G0uKDHZFn23ZftLseFI2K 5krG3aFZX4SOOsFF0gyV2rynNpaaAFegShweqLY9cRGbjAGSaTT7BwFxU0cTrAUzDs7EsQYiOKIG jSDjqE4QR3FfSsSCP6a0KHT4WwHHzdNHTLcQo2BPnsnwI1f+eK03wRIkomqW2qtvK2XiYC/PjUqp 89ygnQIDAQABo4HyMIHvMB0GA1UdDgQWBBRDqm9UpG3NeCtbDE7/xTGup9ogpTAPBgNVHRMBAf8E 
BTADAQH/MIG8BgNVHSMEgbQwgbGAFEOqb1Skbc14K1sMTv/FMa6n2iCloYGIpIGFMIGCMRowGAYD VQQDDBFaaW1pdF9TU18xMV8yNl8xODEYMBYGA1UECwwPMDBEMzYwMDAwMDBadElxMRcwFQYDVQQK DA5TYWxlc2ZvcmNlLmNvbTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzELMAkGA1UECAwCQ0ExDDAK BgNVBAYTA1VTQYIOAWdQmsavAAAAADtTBpYwDQYJKoZIhvcNAQELBQADggEBAGBpLAJax4efGSlH 8V6M24q/6Tm5Li8S6/s925/LVjooqonqsqqsemaR13Bxq6GIszHOJIU1BiyB9kxnMcxFsOfyorR7 oNfc5RvfjSNn8QRHy/xpDBOtx/QBEuOWKPwDqV3fXiMStNEN3NMiX/t2RepnZle45tMiPi/vnWsa n9EnYxlNcRmfan+liRYL+KFsIY2BycyHugyzpMAwjsRZPYhPxYewtyQj0RUV3mb0wNgjiCDKydPX KmNDwTMb0a9erjEJ7twttBsE7/AwLNO3Y3a+Kbhh2+3LLxJ5DQmGZorfZoLz3dVJHYbLFO4y13mK wwSxIPoCRT+LjG3cfcu/0js=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">etelmon@zimit.io</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData InResponseTo="_97d26c1d-f354-4d98-af9f-e473a8021ed2" NotOnOrAfter="2019-06-11T22:47:20.423Z" Recipient="http://zimit.dyndns.biz:5000/acs"/> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2019-06-11T22:41:50.423Z" NotOnOrAfter="2019-06-11T22:47:20.423Z"> <saml:AudienceRestriction> <saml:Audience>https://zimit-dev-ed.my.salesforce.com</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2019-06-11T22:42:20.423Z"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute Name="userId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">00536000005dfvk</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="username" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">etelmon@zimit.io</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">etelmon@zimit.io</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="is_portal_user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">false</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </samlp:Response>

Regards,

Emmanuel
Newbie
Hi,

I am trying to get the access token by implementing the SAML Assertion Flow.
So far, I got the web SAML authentication working with Salesforce being the Identity Provider.
I am getting a SAML response with success, and Salesforce did call my server's /acs route as expected.


But I can get the access token by reposting the SAMLResponse received to the token endpoint.

I POSTed the following in the body to https://login.salesforce.com/services/oauth2/token:

grant_type—assertion
assertion—the SAMLContent previously received, encoded in Base64
assertion_type—urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser

What do I need to modify in that SAML response to post it and get the access token?

Regards,

Emmanuel
Newbie
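An added example, not part of the original posts and not Salesforce's own validator: a script that extracts the fields a receiving party compares for a bearer assertion (Issuer, Recipient, Audience, validity window) so they can be checked against the endpoint the response is about to be posted to. The sample XML is a constructed reduction of the response quoted on this page with signatures, certificates and attributes stripped; the function names and the expected values passed to `check` are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: field values copied from the quoted response, signatures
# removed. It cannot be signature-verified; it is for field checks only.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="http://zimit.dyndns.biz:5000/acs" Version="2.0">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
    <saml:Issuer>https://zimit-dev-ed.my.salesforce.com</saml:Issuer>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2019-06-11T22:47:20.423Z"
            Recipient="http://zimit.dyndns.biz:5000/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2019-06-11T22:41:50.423Z"
        NotOnOrAfter="2019-06-11T22:47:20.423Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://zimit-dev-ed.my.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _ts(value):
    """Parse the millisecond UTC timestamps used in the response."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def bearer_fields(xml_text):
    """Return the assertion fields a receiver compares before accepting it."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    cond = a.find("saml:Conditions", NS)
    return {
        "issuer": a.findtext("saml:Issuer", namespaces=NS),
        "recipient": scd.get("Recipient"),
        "audiences": [e.text for e in cond.iterfind(".//saml:Audience", NS)],
        "not_before": _ts(cond.get("NotBefore")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
    }


def check(xml_text, expected_recipient, expected_audience, now):
    """List which receiver-side checks fail for the given endpoint and time."""
    f = bearer_fields(xml_text)
    problems = []
    if f["recipient"] != expected_recipient:
        problems.append("recipient")
    if expected_audience not in f["audiences"]:
        problems.append("audience")
    if not (f["not_before"] <= now < f["not_on_or_after"]):
        problems.append("expired_or_not_yet_valid")
    return problems
```

The quoted response is valid for about five minutes and names the `/acs` URL as its Recipient, so the output depends on which endpoint and clock time are passed in.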
Hi,

I am trying to generate a SAML assertion to get an access token.
While coding, I was requested to provide a crt and private key (using node module saml). But I do not have the latter to sign the document.

I followed the instructions to create a self-signed certificate:

https://help.salesforce.com/articleView?err=1&id=security_keys_creating.htm&type=5

I downloaded the crt file generated by Salesforce. But I do not see the private key within.

Do I need to generate my own certificate and upload it in SF instead?

Regards,

Emmanuel.
Newbie


 