• DemonsOut
  • NEWBIE
  • 0 Points
  • Member since 2010

  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 2
    Questions
  • 2
    Replies
I'm using OpenSSO to authenticate with my SF developer account.  According to the SAML Validator my SAML response is good.  This is supported by the Login History, which shows a successful login for my user via SAML Idp Initiated SSO.  Still, instead of getting directed into SF after login, I get redirected to the following error page:

 


Invalid Page Redirection
The page you attempted to access has been blocked due to a redirection to an outside website or an improperly coded link or button. Please contact your salesforce.com Administrator for assistance.

Click here to return to the previous page.


The SAML Response is below.  Any suggestions would be appreciated.

 

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2"
ID="s284c6b267aec8be2c66edcc163f7cf5a492522909"
IssueInstant="2010-03-07T01:21:18Z" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#s284c6b267aec8be2c66edcc163f7cf5a492522909">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>bbdtFNmHOCmOJDxBKRPBQMGWx/c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
NyXQjGHDh7CEcmBaY5G8EcbP3nsALGkCR/dls5wy72hhvN4+EJlvD/fQuSIjxPrHl/nJJTXQJwwJ
rJN6+8CBqBXPM+OAbfRzSY1MryIgi2gGxZgvYtve0VTIsJn+D86Uh6nJEbDODE9qlUEF+hpsZwgp
qTehm8e0BzCRU8d0yNs=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
/FfwWigmrW0Y0Q==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success">
</samlp:StatusCode>
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="s26d010fb96c415e8dd239c664b62a95b62ad186c3"
IssueInstant="2010-03-07T01:21:18Z" Version="2.0">
<saml:Issuer>
http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="http://www.abazaindustries.com:8080/opensso_abaza"
SPNameQualifier="https://saml.salesforce.com">
xYNogS2tyRrH1DdZ1ASUD5BJZWlC</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml:SubjectConfirmationData NotOnOrAfter="2010-03-07T01:31:18Z"
Recipient="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2010-03-07T01:11:18Z"
NotOnOrAfter="2010-03-07T01:31:18Z">
<saml:AudienceRestriction>
<saml:Audience>https://saml.salesforce.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2010-03-07T01:21:18Z"
SessionIndex="s2632afd2c7d9eee1430c180dbc8ffc4e1891c3b01">
<saml:AuthnContext>
<saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="ATTR_PHONE">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">555-555-5555</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

 

Message Edited by DemonsOut on 03-07-2010 07:00 PM

I'm using OpenSSO to authenticate with my SF developer account.  According tothe SAML Validator my SAML response is good.  This is supported by the Login History, which shows a successful login for my user via SAML Idp Initiated SSO.  Still, instead of getting directed into SF after login, I get redirected to the following error page:

 


Invalid Page Redirection
The page you attempted to access has been blocked due to a redirection to an outside website or an improperly coded link or button. Please contact your salesforce.com Administrator for assistance.

Click here to return to the previous page.


Here's the SAML Response:

 

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" ID="s284c6b267aec8be2c66edcc163f7cf5a492522909" IssueInstant="2010-03-07T01:21:18Z" Version="2.0"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#s284c6b267aec8be2c66edcc163f7cf5a492522909"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>bbdtFNmHOCmOJDxBKRPBQMGWx/c=</DigestValue> </Reference> </SignedInfo> <SignatureValue> NyXQjGHDh7CEcmBaY5G8EcbP3nsALGkCR/dls5wy72hhvN4+EJlvD/fQuSIjxPrHl/nJJTXQJwwJ rJN6+8CBqBXPM+OAbfRzSY1MryIgi2gGxZgvYtve0VTIsJn+D86Uh6nJEbDODE9qlUEF+hpsZwgp qTehm8e0BzCRU8d0yNs=</SignatureValue> <KeyInfo> <X509Data> <X509Certificate> MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+ RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC /FfwWigmrW0Y0Q==</X509Certificate> </X509Data> </KeyInfo> </Signature> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode> </samlp:Status> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s26d010fb96c415e8dd239c664b62a95b62ad186c3" IssueInstant="2010-03-07T01:21:18Z" Version="2.0"> <saml:Issuer> http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="http://www.abazaindustries.com:8080/opensso_abaza" SPNameQualifier="https://saml.salesforce.com"> xYNogS2tyRrH1DdZ1ASUD5BJZWlC</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData NotOnOrAfter="2010-03-07T01:31:18Z" Recipient="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" /> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2010-03-07T01:11:18Z" NotOnOrAfter="2010-03-07T01:31:18Z"> <saml:AudienceRestriction> <saml:Audience>https://saml.salesforce.com</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2010-03-07T01:21:18Z" SessionIndex="s2632afd2c7d9eee1430c180dbc8ffc4e1891c3b01"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute Name="ATTR_PHONE"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">555-555-5555</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </samlp:Response>

 

 

I'm using OpenSSO to authenticate with my SF developer account.  According tothe SAML Validator my SAML response is good.  This is supported by the Login History, which shows a successful login for my user via SAML Idp Initiated SSO.  Still, instead of getting directed into SF after login, I get redirected to the following error page:

 


Invalid Page Redirection
The page you attempted to access has been blocked due to a redirection to an outside website or an improperly coded link or button. Please contact your salesforce.com Administrator for assistance.

Click here to return to the previous page.


Here's the SAML Response:

 

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" ID="s284c6b267aec8be2c66edcc163f7cf5a492522909" IssueInstant="2010-03-07T01:21:18Z" Version="2.0"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"> http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI="#s284c6b267aec8be2c66edcc163f7cf5a492522909"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>bbdtFNmHOCmOJDxBKRPBQMGWx/c=</DigestValue> </Reference> </SignedInfo> <SignatureValue> NyXQjGHDh7CEcmBaY5G8EcbP3nsALGkCR/dls5wy72hhvN4+EJlvD/fQuSIjxPrHl/nJJTXQJwwJ rJN6+8CBqBXPM+OAbfRzSY1MryIgi2gGxZgvYtve0VTIsJn+D86Uh6nJEbDODE9qlUEF+hpsZwgp qTehm8e0BzCRU8d0yNs=</SignatureValue> <KeyInfo> <X509Data> <X509Certificate> MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+ RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC /FfwWigmrW0Y0Q==</X509Certificate> </X509Data> </KeyInfo> </Signature> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode> </samlp:Status> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s26d010fb96c415e8dd239c664b62a95b62ad186c3" IssueInstant="2010-03-07T01:21:18Z" Version="2.0"> <saml:Issuer> http://www.abazaindustries.com:8080/opensso_abaza</saml:Issuer> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="http://www.abazaindustries.com:8080/opensso_abaza" SPNameQualifier="https://saml.salesforce.com"> xYNogS2tyRrH1DdZ1ASUD5BJZWlC</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData NotOnOrAfter="2010-03-07T01:31:18Z" Recipient="https://login.salesforce.com/?saml=02HKiPoin4YWIEZVhRxAotsxXTE8snvZkcfnHVUoabFTp6uOXs180wMbR2" /> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="2010-03-07T01:11:18Z" NotOnOrAfter="2010-03-07T01:31:18Z"> <saml:AudienceRestriction> <saml:Audience>https://saml.salesforce.com</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2010-03-07T01:21:18Z" SessionIndex="s2632afd2c7d9eee1430c180dbc8ffc4e1891c3b01"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute Name="ATTR_PHONE"> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">555-555-5555</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </samlp:Response>