• sberyozkin

Hi - I get a client posting what appears to be a valid SAML2 Bearer grant to a Salesforce access token endpoint. The error is

"user hasn't approved this consumer".

I guess "the consumer" is identified by a client_id of the registered Remote/Connected application. When I build a SAML2 assertion I use that "client_id" as an issuer and my own login name as "subject name".

So I have this application with my Salesforce account view, but how do I get this connected application 'approved'?

I have created a SAML assertion with reference to the link http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-10

I referred to the https://login.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm link.

According to the above link I did:

  • Organization creates a Remote Access OAuth Consumer -- created a Remote Access application with the following details:

    Callback URL: https://test.salesforce.com/services/oauth2/success -- as I am accessing this from a standalone class

    I checked: No user approval required for users in this organization

    I uploaded the certificate, the same certificate I used for signing the assertion I created.

  • Organization writes an application that generates a SAML token

    For this I made a POST call to

    URL: https://login.salesforce.com/services/oauth2/authorize

    and data:

post.addParameter("client_id","3MVG9Y6d_Btp4xp7hhxW8OtuTagu9IvM6pZ9WwW6ODSVU.4Qp8vV0XB2i0sQ0mfVWCopKNdHkJqxE16Eeonz_");
post.addParameter("client_assertion_type","urn:ietf:params:oauth:assertion_type:saml2-bearer");
post.addParameter("client_assertion", Base64.encode(samlResponse.getBytes()));

With the above data I am getting the error message:

( error=unsupported_response_type&error_description=response%20type%20not%20supported)

In the reference link it is mentioned:

client_assertion_type: The format of the assertion as defined by the authorization server. The value MUST be an absolute URL

I am confused about this part. Is the data I used valid?
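
Added example (not part of the posts above and not Salesforce's code): how a SAML 2.0 bearer assertion grant request is formed under RFC 7522, the published version of the draft linked above, sent to the token endpoint with `grant_type` and a base64url-encoded `assertion`. The class name and the unsigned sample assertion are constructed for illustration, and Java 10 or later is assumed; the request is only printed, not sent.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class SamlBearerTokenRequest {
    // Assertion grants are extension grants and go to the token endpoint
    // (RFC 6749, section 4.5), identified by an absolute-URI grant_type.
    static final String TOKEN_ENDPOINT = "https://login.salesforce.com/services/oauth2/token";
    // Grant type URN from RFC 7522, section 2.1.
    static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";

    // RFC 7522 asks for base64url: URL-safe alphabet, no padding, no line wrapping.
    static String encodeAssertion(String assertionXml) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(assertionXml.getBytes(StandardCharsets.UTF_8));
    }

    // Builds the application/x-www-form-urlencoded request body.
    static String buildBody(String assertionXml) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("grant_type", GRANT_TYPE);
        params.put("assertion", encodeAssertion(assertionXml));
        StringJoiner body = new StringJoiner("&");
        for (Map.Entry<String, String> p : params.entrySet()) {
            body.add(URLEncoder.encode(p.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(p.getValue(), StandardCharsets.UTF_8));
        }
        return body.toString();
    }

    public static void main(String[] args) {
        // Constructed, unsigned stand-in; a real assertion is the signed SAML 2.0 XML.
        String assertion = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">"
                + "<saml:Issuer>PLACEHOLDER_CLIENT_ID</saml:Issuer></saml:Assertion>";
        System.out.println("POST " + TOKEN_ENDPOINT);
        System.out.println("Content-Type: application/x-www-form-urlencoded");
        System.out.println();
        System.out.println(buildBody(assertion));
    }
}
```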