[Third-Party-Auth] SAML problem


truong nguyen

Nov 5, 2016, 5:41:30 AM
to General Open edX discussion
Hi everyone!
My purpose is to use Shibboleth IdP v3, which is installed on a Tomcat 8 server, to authenticate username/password. I have checked my IdP server (http://idp-hcmut.vn) with TestShib, and it's successful.
Then I integrated my IdP server (http://idp-hcmut.vn) into edX, also successfully. I followed these instructions:
 http://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/open-release-eucalyptus.master/configuration/tpa/index.html
The problem is that when I log in to edX (register/sign in) using my IdP server, it redirects me to my edX (that's OK) but with this message:

An error occurred.

Authentication failed: SAML login failed: ['invalid_response'] (There is no AttributeStatement on the Response)

My edX server is http://sp-hcmut.vn:8000.

Please help me solve the problem!

Braden MacDonald

Nov 5, 2016, 5:37:23 PM
to edx-...@googlegroups.com
Hi,

Please read through this past thread and try the suggestions in there: https://groups.google.com/d/msg/openedx-ops/d-rmACND180/ZuLbMh9SIAAJ

Let us know if that helps!

--
Braden


truong nguyen

Nov 6, 2016, 6:22:16 AM
to General Open edX discussion
Hi Braden!
I tried your instruction above: "SECURITY_CONFIG": { "requestedAuthnContext": false }
It solved the problem, maybe!
But there is a new error!

An error occurred.

    Authentication failed: SAML login failed: ['invalid_response'] (Invalid issuer in the Assertion/Response)



This is my SAML response:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    ID="_134b443dce67f1b4cd4645a37b65f9e4"
    InResponseTo="ONELOGIN_12252ec510136316ce950f2a33382f110989a5a9"
    IssueInstant="2016-11-06T10:55:57.966Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_134b443dce67f1b4cd4645a37b65f9e4">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/C9k4/6oD79YVjJ2UX8TJ/BtZhwsvQhUSVTf1vJ1hhQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            F8iyL6C+vUTrxkTAAdnyaXztmCZFqxaVkTURD7gb9cMxZlo6VuSS1eJFw7kOr1aLK3XM0qHELBKe
            CiaaKUFS+14WcBwzgJj36WzzT2dB95cQMI47xFbTJN5nP8Yk6riJE7SR4NCAnMIn4dj9HgSBmhLH
            K1D9b5zk72GRS4obOAb0Fuvz/dNFh4gOmxv4++wGdI1Bds4326VyloWJTMPgShJ4DFokLx9ldTz/
            vNMHtWYN66OurK9Kf8Oxaqi+aj6Mdlv38YJXF1GsRHF3wQoeYmSFeESYJtY+eb+2nF6U7Z7h2lvL
            fKHkjrDuF2CH2pH2fYAl0frufCgKr2JP0HB2/A==
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG
                    A1UEAwwMaWRwLWhjbXV0LnZuMB4XDTE2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG
                    A1UEAwwMaWRwLWhjbXV0LnZuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6
                    7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y
                    s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI
                    JMnsSWfnnx2+eTi87/pYudVmRs6/YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/
                    C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9
                    mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman
                    RKfg5o4wPAYDVR0RBDUwM4IMaWRwLWhjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv
                    c2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr
                    G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW
                    45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa
                    ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg
                    g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M 2Q==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_bc6eb3862cd6b26297f3518e4fe42403"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey Id="_3acb09cb5c3e9ecb5f7cae320ac842ea" Recipient="http://sp-hcmut.vn:8000"
                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIC1jCCAj+gAwIBAgIJALbKmuXGyV3TMA0GCSqGSIb3DQEBBQUAMIGDMQswCQYDVQQGEwJWSTEM
                                MAoGA1UECAwDSENNMQwwCgYDVQQHDANIQ00xDjAMBgNVBAoMBUhDTVVUMQwwCgYDVQQLDANlZHgx
                                DjAMBgNVBAMMBUhDTVVUMSowKAYJKoZIhvcNAQkBFhs0MTIwNDIxOXRoZXRydW9uZ0BnbWFpbC5j
                                b20wHhcNMTYxMDI3MTY0NTI1WhcNMjYxMDI3MTY0NTI1WjCBgzELMAkGA1UEBhMCVkkxDDAKBgNV
                                BAgMA0hDTTEMMAoGA1UEBwwDSENNMQ4wDAYDVQQKDAVIQ01VVDEMMAoGA1UECwwDZWR4MQ4wDAYD
                                VQQDDAVIQ01VVDEqMCgGCSqGSIb3DQEJARYbNDEyMDQyMTl0aGV0cnVvbmdAZ21haWwuY29tMIGf
                                MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYR53GA1rs606WaNBu1S+E7L3s5+XjhA5x5UvqzxGl
                                dxhRmModYOY8pEMELaJOPiUt8XG4UvVX82z8tMgpTu2VTuZPf2n2zX8mVKWht1CsAKwhiuMvOODh
                                n5NpODbVV0waX68zIgzXcSyrEV30H66NsANMTaoIia8f/+ibp5kJMQIDAQABo1AwTjAdBgNVHQ4E
                                FgQUcZ99ZIb0ca+SEdxlD7phyNgthUEwHwYDVR0jBBgwFoAUcZ99ZIb0ca+SEdxlD7phyNgthUEw
                                DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB7EXsQnaxuU9LdlywNEymxjA0NLXTe1vHR
                                4py2GmeeQFSUmf4jkH9GwVDCJS8l7AhcHd4c45N1CWlYtOfiDCRf1orW91AYIXpCKreSXo7xn1Mz
                                gpgVgPzJCZGdCjh5bhV8Cexyq9eSS/5O6SPRZV0kd4WacSPYaIdq9/aEGJHwsg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>e2HC9vvbqzLswQ+jCj3Xf/8cx2OxONqJ3mRF+W/Mg7Dal++7K8dK2XQ4dYWBs1UNytLRHRNskd2V
                            fRgBbk+GX89DdFJ4a7lPjf+IiWC2VvbNv+SbdBuV8YkrBJnnV2Ra3gzH9CRZrmubBcx+foeeCmBh SZkp0lLY7ppKrvXdueg=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>72Xbw+wuG23Jvd5B0jmi75KfMv7TrYcV79ZybGkc/2wcOkX756qPE79Fc+NngvZ0+8cZiKpdk8j9
                    AO6ZA9Z/lpca3Sojxuv20mJrm2IdNxGyawGZqF5xvYvgeXHPaWiLWfWPjYPb5gBVhcGeQllycCKq
                    lhChEQiwClPRh/9/hlaQsimT0DhLBvvwHaglNawuzXJtvkz6KaGHS2l6Clcl56l8/lKNYq85iofq
                    XGzWMsSVLCzSkJ2iDX5zwskxaLsczEcTglEpgEK02/mUQ6qveWML7LAPOd+UB0fxKbnwYsSiu4le
                    TaCFxghddP1s+oufTy2ZeUYNZ4xUd2HSRM2IT3Sslxvc4P2BJQDEjJ0wczrH+J5nFfs3nTKmggbw
                    xlpUU1jX4QoQCRbtKG47ZWxmwHMYsblMq4q3dZoqWJNHLYv8UJ8jYVe2xpsk7zTWSn2RNjZKqIIr
                    ZfVYRpDKukbdbq6k3U4EZP2BPvvmh5Hwpg8pbo2aD/vfata4A0VEI8Pq/V47j0oOV5y6fEGjg7rg
                    eNAV4cVorNyRfDis/7FB59o93b738pqSTlvaSnqBvZk4JFUJaTbIlnyUd9ejvzpwf1z3PGIdFU1E
                    viEUyLzHr/SaS1MyqJtBa8gq0nhOKtjKp9cTi2OdL7LIQmw8ECwwBZVUwXtt0VY3Tt3VxY18O14W
                    qY1H45459ae9EKzJeIEEWH1nda8H+/foi3VUBMDvCqWogMnh2KbiATwtbVOEbR3+fECo1+C382fj
                    65/3TTJWXSLcPV+EHkc00qx2Q6HbLVgBBRIKgsEW4gVblzaq4KXGKun7H0DbXmviIfeB1TTjBnP+
                    lxPqiExYk2gbgOQOz1mcygkO1JsLH53Xo84ZecpgTUPXPNZb8irGPxjIv4KogTclOok4BT7o5I65
                    u4io1P8N+2k5iMqALhNJFBsnLyRV+nheQCsybY9GDGHDXnJvZ6sDfpxv0OQNmOiQGLte3WHdAR6/
                    adybbgXqToVxp7Kn6SA9i4Ve/jkcKdqqfedcGQX15fHJ2FJBXe4LpQj3QQRXOqUEPDQ/RZcN0R5j
                    sJtiNFT+tbV4gMDKNXaG2nMvwFbhz03ARRPJW6i37NZf+egNdsVnCHhQtXrp5D0uFS4jRxkUEP6P
                    /fWTZKgGbJarIxAPb+YnVTYV74DzMkkiDheKCNjWKvkui7Jav57ejsxbkPx6PRZ/ZuiQD3Qh5+Vq
                    UCU+jR245qYdwQ5SajMFBkkzgsrz1pBAz4/xA29qIohvosV0ssMBap1Cl9htph/sLY5fNYx8zRB3
                    RIqN3hCogPFvHtb7dHZD8qeobmmKdsfI5OrzhPjrmDChYgOstlakGKzgnft609tYlR37yR8Jm9W9
                    Gn5UtpUGFgknjxRxt8mcv/nYHFvvTwbIHRBeTuA0w8J6LnZdluwzJSoXJ8EhfMHgFByh7vld5vb2
                    oydDfQbFikdU2NNDk8eUFXxyzc91zTQbyrxo/pza3EwyisWl2q4Jov9enxNaxqmyuiqDLQqGSfIc
                    QIgiIxuLkESfk1Hhu4YmUyObpQ1y1vQ5JZ5IQyOH70yLpGrhDZTUPbnSoB+RgaWYJyPyrHKPSclw
                    YsBe/1BXtTuKw8CKtER2w4f8isz2cucgCS1c8aSW1Re+q74fuJThPe30LlKrALx3CHEn0s4jzVHc
                    fVwgY3BdD9E9709m9an7RTMMdshluIBQwI22ywtFpXKV8NRdvUNqBjUYJttS2C08Ie7uqnPmGgvY
                    xheRPD2/hheUJ0ka+KFMgGmPrYNrv+S8SgJ6CbzbeHRkMq6l30zvtLZ+kE0R4vqaCuRojEQlkKCb
                    jInSUUpLRy4IgIt3nmMtdFVYIQRcH56eAfE8kopbjOCIxo76NbgR0MEoaDSkbFTZI0Ldqp969DOK
                    A7ZbCM2wx5lTGl4wSMk8cx/CKkYilnzSHwAvSsQPrfJ82MDwg1xhX5OzGwLJJ7YNWgsr5tv8g2I6
                    pCUjmhgaWsn1wiIV4mBRl/qL54/52PYLLrtahUbNiDaaXgk/usWQ9QmuVhWlsO8g9Blb8lHeb7JY
                    wJRuNtFa1ulbAUQXVyy/7jt4Zydhrufu9CEUfi0tD8SQR5z1DUSR1Vex7rtoCS1Js3MWOt8l7OcQ
                    HuMS50ZflY8GDudiUpr15xBiwkhp2xZT/LGOapezeXllkJFycRgHqRfmX7ZEl8t4T3VNmui5liWN
                    rO0OI3I5qSwsl8yqKa3ZXqfxGSC0fYRocTN2GWuWepk9rpHsmL5JqHxlfPqGD1rSRJnXRRlZG2uK
                    /ouw/lBaZBs9ytnk6xHy9waEnkcV4FV75mBCnwIuERNLtMPjUeMq3dZpb4ndzbAwuLztlOcrB3gC
                    vRlkjo4koxXglZ5oqU+eMDL3oAUpj6kC8Uy2deI8VGrX90GcSouSzl0PhUMCPaAMXntuAijFQsdJ
                    hnHDr3lCh+6U3OsfQZuCtS77xilg6PnXwgOGVjSkUMJ9YhVYIpsnFnV3Fci5UPKL7Hj0znRlQmjT
                    Vo55FblrfrSgM+4+aedT5o8hgJPuV+YI/+aJFViYBUpthueUkN2WUCNu9Us8WGGbitDsSJ+JnWv/
                    GH4kVGC8n21rxe9LObSj2+8CyBGE/TtMIodx72Fr0Xhc6506dOcKFnWIgGcRXIhAxpW21d9e8a0O
                    +5jiyuV/lAw7vtzrw36ULeGYuACBcZ3FMJURvh1gzTkEIJY7NBhbjXrAylOAQ9omiD9xC9u0NBXZ
                    58vDq7XrQrfIIfh2kRtPqKSrnHkpLDITng/S3LEQw406pjszm4wSHjjSGgBEwuaF+TF0wuvQxBx2
                    rLE7fRVgdBRCLUN9uVnKgVnIq8vClRvD71dVSrb2BaSNhD5oDIVGpe6BG8VKqVNM5/q0ulxBMe/s
                    zsyMJbNeaz5HnrDPqst5sN84R4m3cAJiDeiJ1VR6MEUYI10PI0CUtHiI5PvBqQ/oC5tteJY+Pinr
                    nMMDOVxJA4kOUIwh2lU9Qaik6tae3baH3JCVGvldBrJN/vmUI1GYe0FHXkmNgvVF2jQWrPW10c1L
                    VpApbRCN8t7L2GKto+2ZAHNWffbRL0tOZYDJBvsxwlRcpwCBo94wWXcCD32rEq1OHcye/4Rj0FAy
                    QWenMc7QwxiD8aOL2oPa421jHHqRIQip30SNO6jfIUrtb4k8jFVSyBLx4nBDInn0GDco/QNYlbmv
                    bhOejTKrOWVTYT+e2DJ/7JyMUqEH11WxFj1rI6r0tQeoPwDM/YM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

I think the reason is that the "Assertion" is encrypted (saml2:EncryptedAssertion).
Thanks for your help, Braden!

truong nguyen

Nov 6, 2016, 10:50:03 AM
to General Open edX discussion
I fixed the problem but it did not solve the error.
I configured the SAML "Assertion" not to be encrypted. Here is my SAML response after I changed the configuration for the "Assertion":

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    ID="_8c32051cf7473a6144288a45aaf8a020"
    InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c2624ad3f5e32"
    IssueInstant="2016-11-06T15:37:27.553Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8c32051cf7473a6144288a45aaf8a020">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>+zc7MUNxJF63OYLTIoZ/cZCUdxY4KZ31Lo7V7saPVTE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
            b7vz3XQ6+pkLYtIwAw1UDhXlGsYVNrLByTLCWXEtWxymNSGo4IPPJj8T6+a8SqPAE1ouC3jBMXSc
            i+dZ0cN/q7jXlwpUDbXwm+aWtawKvRQ2Sn/LacbT9cp/7x8NVmyy2OIREqDJ0a5cTgzGs7igj1Sx
            +FUV3wIfqBb7yl5jOrgs2Q6BsIBDd853eYXQcSb+zmK1rCzy5psnQRTxS+um2bsbBOPrditf/WhC
            k8Hv4CAiQ+fFd5TeOe3zTOq2IdeYsU2SFWrT3f0pOCvZxvfltAh/wf59z+c8N6e8wYHKwLZzWk0V
            1LG21fpI4mVEJaTr8nHC8woyVc3vmw0OU6OwQw==
        </ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDGzCCAgOgAwIBAgIUXNliKqmdG9Wif5c23KXMhWPEmtAwDQYJKoZIhvcNAQELBQAwFzEVMBMG
                    A1UEAwwMaWRwLWhjbXV0LnZuMB4XDTE2MTEwNDE4NTA1MloXDTM2MTEwNDE4NTA1MlowFzEVMBMG
                    A1UEAwwMaWRwLWhjbXV0LnZuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqCGt5D6
                    7cEyu8iKjTROaltQ4b3BKE11LymVoPA0+3/cy6b4MSsu+HCAyn9Nj9lk2hiotY6BEMV1wJOYUM6Y
                    s/IB0xxSiGkfde39+B7Bmsr+MJDH0R6TLmjNiKNzPoM6ypluXvjiAUAX3LBVssj77jp8oWrMheVI
                    JMnsSWfnnx2+eTi87/pYudVmRs6/YYtmFlOUJ69WcONEZPgwQncOCzN5DRaYPaEnPW0Agsx0zPE/
                    C34wOWZCpo45IXchDchPbM1HfWrQqSh7u+oTTJsiP65ZeQBqLuDgYS0HkVs1y1sP/ZzNLshQnNT9
                    mHQiGk03VoYG5K8kLfk+9uZgXhTfiwIDAQABo18wXTAdBgNVHQ4EFgQUzvHSyKfNHADSyIpYdman
                    RKfg5o4wPAYDVR0RBDUwM4IMaWRwLWhjbXV0LnZuhiNodHRwczovL2lkcC1oY211dC52bi9pZHAv
                    c2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAEp5Z5ERXIjB4ZS1I7TyGo8WFvwJJc50mOEzr
                    G+V3zyiG+H13qtofoYE2PY8HH7ymqIK2KZTPiqusP433oGm++TsHRlH1MpA0X76Wg9U/T6X4n5vW
                    45pzw/Njb+w2xkRj6QcEjPXvLhQFv3FWsj6zqDnIT0A+REeGnGngxdYOeVxr/xm8LuZIJgU7KjEa
                    ZU+McqEIKbirPKueHAFqSZuXwnZeK8QBLtNv/HYCxx6d1w4tjqhBozfRnDYrmSrOHoHXhU6r8TRg
                    g1gCPi5wsFfWD/wNk6VhCd3uwfFoJszZxQka0fvMI0pXO/NUxKOksz9gyU9WYpF0u7jpWhfVGu7M 2Q==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
    <saml2:Assertion ID="_6fdaab22b4fc1a64a6445c0fbce32f39" IssueInstant="2016-11-06T15:37:27.553Z"
        Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://idp-hcmut.vn/idp/shibboleth</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://idp-hcmut.vn/idp/shibboleth" SPNameQualifier="http://sp-hcmut.vn:8000">AAdzZWNyZXQxTeFn9qFZNL4dzWcS5S3kqxUQiXBjp2w1+/2xXatSNSYp5Nb0SSIYsazU4i9bn0hiH+es53fby4S+VxwZ1bV2H5x18Lqy07h+5SEOkXnGd1Bz7AXeLKBfYwKmWIUf3HI=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="10.0.2.2"
                InResponseTo="ONELOGIN_58eb47d5daac275d59db626f102c2624ad3f5e32"
                NotOnOrAfter="2016-11-06T15:42:27.585Z" Recipient="http://sp-hcmut.vn:8000/auth/complete/tpa-saml/"/></saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2016-11-06T15:37:27.553Z" NotOnOrAfter="2016-11-06T15:42:27.553Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://sp-hcmut.vn:8000</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2016-11-06T15:37:27.270Z"
            SessionIndex="_3a6136c379360b8da8e54d86054f8f66"><saml2:SubjectLocality Address="10.0.2.2"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>thetruong</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>4120...@hcmut.edu.vn</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>nguyen</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42"
                NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>the truong</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>


Braden MacDonald

Nov 7, 2016, 7:30:51 PM
to edx-...@googlegroups.com
Does the Issuer value from this SAML XML ("https://idp-hcmut.vn/idp/shibboleth") exactly match the "Entity ID" in the Open edX django admin SAML IdP configuration?

--
Braden
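
The check Braden asks about, together with the two error messages seen earlier in the thread, as an added diagnostic sketch (not part of the original posts and not Open edX or python-saml code). The names `diagnose` and `codes`, the host `idp.example.test` and the sample responses are constructed for illustration; the script performs structural checks only and does not verify signatures or decrypt anything.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def diagnose(response_xml, configured_entity_id):
    """Structural checks only: no signature verification, no decryption."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return [("not_a_response", root.tag)]
    findings = []
    assertions = root.findall("saml:Assertion", NS)
    # Issuer is optional on the Response but expected on every Assertion.
    issuers = [("Response", root.find("saml:Issuer", NS))]
    issuers += [("Assertion", a.find("saml:Issuer", NS)) for a in assertions]
    for where, el in issuers:
        if el is None:
            if where == "Assertion":
                findings.append(("missing_issuer", where))
            continue
        value = (el.text or "").strip()
        if value != configured_entity_id:  # exact, case-sensitive comparison
            findings.append(("invalid_issuer", "%s: %r" % (where, value)))
    if root.findall("saml:EncryptedAssertion", NS):
        # Issuer and attributes inside stay hidden until the SP decrypts them.
        findings.append(("encrypted_assertion", "needs SP decryption"))
    elif not assertions:
        findings.append(("no_assertion", ""))
    for a in assertions:
        if a.find("saml:AttributeStatement", NS) is None:
            findings.append(("no_attribute_statement", a.get("ID", "")))
    return findings

def codes(findings):
    return [code for code, _ in findings]

# Constructed sample data (hypothetical IdP, not the one from the thread).
ENTITY_ID = "https://idp.example.test/idp/shibboleth"

def _response(body):
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" '
            'Version="2.0"><saml:Issuer>%s</saml:Issuer>%s</samlp:Response>'
            % (NS["samlp"], NS["saml"], ENTITY_ID, body))

_ISSUER = "<saml:Issuer>%s</saml:Issuer>" % ENTITY_ID
PLAIN = _response('<saml:Assertion ID="_a1" Version="2.0">' + _ISSUER +
                  "<saml:AttributeStatement/></saml:Assertion>")
NO_ATTRS = _response('<saml:Assertion ID="_a2" Version="2.0">' + _ISSUER +
                     "</saml:Assertion>")
ENCRYPTED = _response("<saml:EncryptedAssertion/>")

if __name__ == "__main__":
    for name, xml_text, entity in [
        ("matching entity ID", PLAIN, ENTITY_ID),
        ("host-only entity ID", PLAIN, "http://idp.example.test"),
        ("no attributes released", NO_ATTRS, ENTITY_ID),
        ("encrypted assertion", ENCRYPTED, ENTITY_ID),
    ]:
        print(name, "->", diagnose(xml_text, entity) or "ok")
```

Run it against the decoded SAMLResponse with the Entity ID exactly as entered in the django admin; a scheme, path or trailing-slash difference is enough to produce `invalid_issuer`.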

truong nguyen

Nov 21, 2016, 1:08:50 PM
to General Open edX discussion
Hi Braden!
You are right, I have configured the entityID for my IdP.
Thanks Braden, you helped me very much!
