I am a newbie to SAML and SimpleSAML in particular and I have a bit of a problem getting IBM SmartCloud to talk to my SS IdP


Steve McDonagh

Sep 11, 2014, 9:08:07 AM
to simple...@googlegroups.com
Hello all
We have had a sudden and rather important requirement to provide 2 Factor Authentication
with the IBM Smartcloud offering and the 'best fit' for our PHP applications on site and the
servers in the cloud was SimpleSAML.

However, I have set everything up and all seems well apart from the IBM Tivoli server at the other
end responds to the SAML assertion with a screen that reads

"FBTSML238E The SAML message signature could not be validated."

I have checked the SAML assertion as it leaves us and it seems fine. I have checked the certificate
created with OpenSSL and our server can sign / unsign data with it without a problem.

IBM are saying their server is fine and that other SAML users are using it without issue but are not
very forthcoming as to what might be the cause of the error message we are getting. I was wondering
are there any SimpleSAML gurus out there that might be able to help point me at what might be
wrong with our setup.

SimpleSAML is running on a ClearOS server with LAMP installed and all the packages, particularly
the crypto ones, are up to date.

Thanks in advance and any help will be VERY gratefully received

Steve


Steve McDonagh

Sep 11, 2014, 9:13:14 AM
to simple...@googlegroups.com
Just to clarify, SimpleSAMLphp is doing the IdP and IBM are being the SP in this relationship


Glenn Wearen

Sep 12, 2014, 4:18:05 AM
to simple...@googlegroups.com
Have you tried tinkering with TFIM’s partner settings? There are a lot of manual settings that other SAML implementations would leave to metadata.

If you don’t have control over TFIM, you could tinker with SSPHP’s settings: assertion.encryption, nameid.encryption, saml20.sign.response, saml20.sign.assertion, signature.algorithm


Regards
Glenn
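
Added example, not part of the original thread and not SimpleSAMLphp or TFIM code: a small Python check that reads a base64 SAMLResponse (as sent in the HTTP-POST binding) and reports which elements the IdP actually signed, with which algorithm, and whether anything is encrypted, so the output can be compared with what the SP partner configuration expects. The function names and the sample response are constructed for illustration; the report keys reuse the option names listed above only to show which option governs each observation, and the script does not verify the signature itself.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def sig_info(elem):
    """Describe the enveloped ds:Signature directly under elem, or None if unsigned."""
    sig = None if elem is None else elem.find("ds:Signature", NS)
    if sig is None:
        return None
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return {
        "algorithm": None if method is None else method.get("Algorithm"),
        # The Reference URI must point at the ID of the element it signs.
        "covers_parent": ref is not None and ref.get("URI") == "#" + elem.get("ID", ""),
    }

def inspect_saml_response(b64_response):
    """Report what a base64 SAMLResponse shows, keyed by the option that governs it."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    return {
        "saml20.sign.response": sig_info(root),
        "saml20.sign.assertion": sig_info(assertion),
        "assertion.encryption": root.find("saml:EncryptedAssertion", NS) is not None,
        "nameid.encryption": assertion is not None
        and assertion.find("saml:Subject/saml:EncryptedID", NS) is not None,
    }

# Constructed sample: unsigned Response wrapping an Assertion signed with RSA-SHA1.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
 <saml:Assertion ID="_a1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#_a1"/>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>user@example.org</saml:NameID></saml:Subject>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

A mismatch between this report and the partner settings on the SP side (for example, the SP requiring a signed Response when only the Assertion is signed, or expecting a different signature algorithm) is the kind of difference the settings above control.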



