//Adam
Unable to validate Signature
0: /usr/share/simplesamlphp/lib/SAML2/Utils.php:104 (SAML2_Utils::validateSignature)
1: /usr/share/simplesamlphp/lib/SAML2/Assertion.php:507 (SAML2_Assertion::validate)
2: /usr/share/simplesamlphp/modules/saml2/lib/Message.php:190 (sspmod_saml2_Message::checkSign)
3: /usr/share/simplesamlphp/modules/saml2/lib/Message.php:708 (sspmod_saml2_Message::processResponse)
4: /usr/share/simplesamlphp/modules/saml/www/sp/saml2-acs.php:50 (require)
5: /usr/share/simplesamlphp/www/module.php:135 (N/A)
A bit more informative but still not understanding where I should be defining this. I see mentions of modifying saml20-idp-remote.php but I thought this file was to be maintained as simply the metadata contents of my IDP.
--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To post to this group, send email to simple...@googlegroups.com.
Visit this group at http://groups.google.com/group/simplesamlphp.
For more options, visit https://groups.google.com/groups/opt_out.
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
Oops!
The second file to edit is <document_root>/simplesamlphp/config/authsources.php
Chrys
On 22 May, 16:54, Chrys31 <wilfrid.lef...@gmail.com> wrote:
> Hi Florian,
>
> I speak French and my English is very bad but I will try to help you.
> I consider simplesaml is installed and configured on your web server
> Apache (www.mysite.com) and ADFS2 is installed on your federation
> server (www.myadfs.com).
>
> Open a browser and go to URL http://www.myadfs.com/Federationmetadata/2007-06/FederationMetadata.xml
> Save as FederationMetadata.xml.
>
> Open a browser and go to https://www.mysite.com/simplesaml/
> Select Federation tab
> Click on Convert XML Metadata to simpleSAML.php
> Paste the content of the previous file (FederationMetadata.xml)
> Click on Analyse
> On saml20-idp-remote section, select all text and copy it
> Edit the file <document_root>/simplesamlphp/metadata/saml20-idp-remote.php
> (save a copy like saml20-idp-remote.bak)
> Delete all text between <?php … ?> (keep "<?php" and "?>")
> Paste the previous selected text between "<?php" and "?>"
> Under the 'entityid' line, add the following line: 'sign.logout' => TRUE,
> Save saml20-idp-remote.php
>
> Edit the file
> in the $config array add an entry like
> 'myauth' => array(
> 'saml:SP',
> 'idp' => 'http://www.myadfs.com/adfs/services/trust',
> 'privatekey' => '001-mysite.key',
> 'certificate' => '001-mysite.crt',
> ),
>
> On the ADFS server, open the ADFS 2.0 console
> Go to Approbation relationship, and Relying party approbation.
> Click on Add approbation
> Click on Start
> Enter the following address: https://www.mysite.com/simplesaml/module.php/saml/sp/metadata.php/myauth
> Click on OK.
> Enter the application name.
> Click on Next.
> Click on Authorize user access to this relying party.
> Click on Next.
> Click on Next.
> Click on Close.
> Add and configure all the rules you need.
> Click on OK.
> The new relying party is added.
> Double click on it.
> On the Advanced tab, set the hash algorithm to SHA-1.
> Click on OK.
>
> Regards,
>
> Chrys.
>
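
An added example, not part of the thread or of simpleSAMLphp: the SP validates assertion signatures against the certificate copied into saml20-idp-remote.php, so this script checks that every signing certificate in the IdP's current FederationMetadata.xml is present in that file. It assumes the certificate is stored under a 'certData' or 'X509Certificate' key; the function names and the sample data are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET  # input is a file the admin fetched; use defusedxml for untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64):
    """SHA-256 of the decoded certificate bytes; line breaks in the base64 are ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Signing certificates the IdP currently publishes in FederationMetadata.xml."""
    fps = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute means signing and encryption
            continue
        fps.update(fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS))
    return fps

def configured_fingerprints(php_text):
    """Certificates pasted into saml20-idp-remote.php (key names are an assumption)."""
    pattern = r"'(?:certData|X509Certificate)'\s*=>\s*'([A-Za-z0-9+/=\s]+)'"
    return {fingerprint(b64) for b64 in re.findall(pattern, php_text)}

def missing_from_sp(metadata_xml, php_text):
    """IdP signing certificates that the SP's copy of the metadata does not contain."""
    return idp_signing_fingerprints(metadata_xml) - configured_fingerprints(php_text)

# Constructed sample data: placeholder bytes, not real certificates.
OLD, NEW, ENC = (base64.b64encode(b).decode() for b in (b"old-signing", b"new-signing", b"encryption"))

def sample_metadata(signing_b64):
    key = ('<md:KeyDescriptor use="{}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}'
           '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
    return ('<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}" '
            'entityID="http://www.myadfs.com/adfs/services/trust"><md:IDPSSODescriptor '
            'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">{keys}'
            '</md:IDPSSODescriptor></md:EntityDescriptor>').format(
                keys=key.format("signing", signing_b64) + key.format("encryption", ENC), **NS)

SAMPLE_PHP = "$metadata['http://www.myadfs.com/adfs/services/trust'] = array(\n  'certData' => '%s',\n);" % OLD

if __name__ == "__main__":
    print("in sync:", not missing_from_sp(sample_metadata(OLD), SAMPLE_PHP))
    print("missing after IdP certificate change:", missing_from_sp(sample_metadata(NEW), SAMPLE_PHP))
```

A non-empty result means the metadata conversion step needs to be repeated with a freshly downloaded FederationMetadata.xml.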