• newbebie

Hi chuckmortimore,

I am currently working on the following setup:

1. Pingfederate-6.6.0
2. Windows-IWA-Integration-Kit-2-6
3. Salesforce-Connector-4-1
4. RHEL 5.3 x86_64

I am trying to integrate pingfederate-6.6.0 with Salesforce.

My aim is for Active Directory users to log in to Salesforce (i.e., IdP-initiated SSO).

I have created the digital signing certificate in PingFederate. In Salesforce I have enabled the SSO settings and filled in the details of the SSO settings. I imported the digitally signed certificate into the SSO settings. When I access the SSO endpoint URL https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://saml.salesforce.com through the browser, I get the following error:

“Login Error: Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.”


I thought I was facing this issue because the domain was not created in Salesforce. So I created the domain in Salesforce and provided the endpoint URL as https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://https://testidam-dev-ed.my.salesforce.com. But I am still facing the issue.

When I validate the SAML assertion in the SAML Validator, I get the following message:

 

Unexpected Exceptions
  Ok
1. Validating the Status
  Ok
2. Looking for an Authentication Statement
  Ok
3. Looking for a Conditions statement
  Ok
4. Checking that the timestamps in the assertion are valid
  Current time is after notOnOrAfter in Conditions
  Current time is: 2012-08-09T09:35:11.301Z
  Time limit in Conditions, adjusted for skew, is: 2012-08-09T09:28:41.471Z
  Timestamp of the response is outside of allowed time window
  Current time is: 2012-08-09T09:35:11.301Z
  Timestamp is: 2012-08-09T09:20:41.437Z
  Allowed skew in milliseconds is 480000
  Timestamp of the assertion is outside of allowed time window
  Current time is: 2012-08-09T09:35:11.301Z
  Timestamp is: 2012-08-09T09:20:41.469Z
  Allowed skew in milliseconds is 480000
5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  Ok
7. Confirming Issuer matches
  Ok
8. Confirming a Subject Confirmation was provided and contains valid timestamps
  Ok
9. Checking that the Audience matches, if provided
  Ok
10. Checking the Recipient
  Ok
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  The reference in the assertion signature is valid
  Signature or certificate problems
  The signature in the assertion is not valid
  Is the correct certificate supplied in the keyinfo? false
  Certificate specified in settings: CN=PF-Googleapps, OU=IDMCOE, O=Hexaware, L=Chennai, ST=Tamil Nadu, C=IN Expiration: 12 Jul 2013 14:00:34 GMT
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
  Ok

 


Subject: IDMCOE.COM
Unable to map the subject to a Salesforce.com user

AssertionId: sycHvSK8z0Yp1aLp.vDqdGmY_1T

 

 

Anyone, please help me fix this issue. It will be helpful to me.

Regards,

Karthick
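
The two checks that fail in the validator output of the post above (step 4, the timestamp window, and step 11, the certificate in KeyInfo versus the one configured in Salesforce) can be reproduced offline. The following Python code is an added example, not part of the original post or of either product; the function name `check`, the finding labels, the sample XML, the assumed NotOnOrAfter value and the placeholder certificate bytes are constructed for illustration, and the code does not verify the XML signature itself.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SKEW = timedelta(milliseconds=480000)  # allowed skew printed by the validator

def ts(s):
    """Parse a UTC xs:dateTime, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in s else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)

def check(xml_text, sp_cert_der, now):
    """Return the timestamp and certificate findings for one SAML response."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    findings = []
    not_after = ts(assertion.find("a:Conditions", NS).get("NotOnOrAfter"))
    if now >= not_after + SKEW:
        findings.append("conditions-expired")
    for name, el in (("response", root), ("assertion", assertion)):
        if abs(now - ts(el.get("IssueInstant"))) > SKEW:
            findings.append(name + "-issueinstant-outside-window")
    # KeyInfo is only a hint: the SP verifies with the certificate it has on file,
    # so a different embedded certificate means the signature cannot validate.
    b64 = assertion.find(".//ds:X509Certificate", NS).text
    embedded = base64.b64decode("".join(b64.split()))
    if hashlib.sha256(embedded).digest() != hashlib.sha256(sp_cert_der).digest():
        findings.append("keyinfo-cert-differs-from-sp-config")
    return findings

# Constructed sample: timestamps taken from the validator output above; the
# NotOnOrAfter value is assumed (skew-adjusted limit minus 480000 ms) and the
# certificate bytes are placeholders, not real DER.
IDP_CERT = b"constructed-idp-signing-cert"
SP_CERT = b"constructed-cert-uploaded-to-sp"
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" IssueInstant="2012-08-09T09:20:41.437Z">
 <a:Assertion IssueInstant="2012-08-09T09:20:41.469Z">
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <a:Conditions NotOnOrAfter="2012-08-09T09:20:41.471Z"/>
 </a:Assertion>
</p:Response>""" % base64.b64encode(IDP_CERT).decode()

if __name__ == "__main__":
    print(check(SAMPLE, SP_CERT, ts("2012-08-09T09:35:11.301Z")))
```

Evaluated at the validator's "current time" the sample yields all four findings; evaluated shortly after issuance against the matching certificate it yields none.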

Hi everyone,

I am currently working on the following setup:

1. Pingfederate-6.6.0
2. Windows-IWA-Integration-Kit-2-6
3. Salesforce-Connector-4-1
4. RHEL 5.3 x86_64

I am trying to integrate pingfederate-6.6.0 with Salesforce.

I have created the digital signing certificate in PingFederate. In Salesforce I enabled the SSO settings and filled in the details of the SSO settings. I imported the digitally signed certificate into the SSO settings. When I access the SSO endpoint URL https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://saml.salesforce.com through the browser, I get the following error:

 

“Login Error: Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.”

 

Am I doing anything wrong while creating the certificate, or do I need to make any modifications in the SP connection?

The SAML validator shows the following result:

 

Unexpected Exceptions
  Ok
1. Validating the Status
  Ok
2. Looking for an Authentication Statement
  Ok
3. Looking for a Conditions statement
  Ok
4. Checking that the timestamps in the assertion are valid
  Ok
5. Checking that the Attribute namespace matches, if provided
  Not Provided
6. Miscellaneous format confirmations
  Ok
7. Confirming Issuer matches
  Ok
8. Confirming a Subject Confirmation was provided and contains valid timestamps
  Ok
9. Checking that the Audience matches, if provided
  Ok
10. Checking the Recipient
  Ok
11. Validating the Signature
  Is the response signed? false
  Is the assertion signed? true
  The reference in the assertion signature is valid
  Is the correct certificate supplied in the keyinfo? true
  Signature or certificate problems
  The signature in the assertion is not valid
12. Checking that the Site URL Attribute contains a valid site url, if provided
  Not Provided
13. Looking for portal and organization id, if provided
  Ok

 

Please help me with this...

Thanks in advance.

Regards,

Karthick

Hi everyone,

I am currently working on the following setup:

1. Pingfederate-6.6.0
2. Windows-IWA-Integration-Kit-2-6
3. Salesforce-Connector-4-1
4. RHEL 5.3 x86_64

I am trying to integrate pingfederate-6.6.0 with Salesforce.

I have created the digital signing certificate in PingFederate. In Salesforce I enabled the SSO settings and filled in the details of the SSO settings. I imported the digitally signed certificate into the SSO settings. When I access the SSO endpoint URL https://idp-url:9031/idp/startSSO.ping?PartnerSpId=https://saml.salesforce.com through the browser, I get the following error:

 

“Login Error: Your login attempt using single sign-on with an identity provider certificate has failed. Please contact your salesforce.com administrator for more information.”

 

Am I doing anything wrong while creating the certificate, or do I need to make any modifications?

Please advise me on this. I'm in a very critical position.

 

 

Regards,

Karthick.