The issuer of the response does not match to the identity provider


Louis Borsu

Jul 26, 2013, 4:15:37 PM
to simple...@googlegroups.com

Hi Everyone,


I've got an issue and I can't resolve it after a few tries.


I receive this error message :


SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /var/www/simplesaml/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: The issuer of the response does not match to the identity provider we sent the request to.
Backtrace:
1 /var/www/simplesaml/modules/saml/www/sp/saml2-acs.php:65 (require)
0 /var/www/simplesaml/www/module.php:135 (N/A)
But I don't find any errors on the log.
Many thanks in advance, I'm really stuck :-D
Best regards,
Louis

Peter Schober

Jul 28, 2013, 9:52:33 AM
to simple...@googlegroups.com
* Louis Borsu <louis...@gmail.com> [2013-07-27 13:53]:
> Caused by: SimpleSAML_Error_Exception: The issuer of the response
> does not match to the identity provider we sent the request to.

Sounds clear enough?

> But I don't find any errors on the log.

I'd start by turning up the log level to look at the actual protocol
messages.
-peter

Louis Borsu

Jul 29, 2013, 6:41:05 AM
to simple...@googlegroups.com, peter....@univie.ac.at


First, thanks for your reply ! 

> > Caused by: SimpleSAML_Error_Exception: The issuer of the response
> > does not match to the identity provider we sent the request to.
>
> Sounds clear enough?

Yes, but I don't find the answer :-D

> > But I don't find any errors on the log.
>
> I'd start by turning up the log level to look at the actual protocol
> messages.

My Log level is on debug. Here is a trace :

Jul 29 11:31:30 simplesamlphp INFO [9b4c759136] SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] Received message:
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c310c04bf7059c16b08550b8281524cd4169baff69" Version="2.0" IssueInstant="2013-07-29T10:31:29Z" Destination="https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/SSOService.php" AssertionConsumerServiceURL="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136]   <saml:Issuer>https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] </samlp:AuthnRequest>
Jul 29 11:31:30 simplesamlphp INFO [9b4c759136] SAML2.0 - IdP.SSOService: Incomming Authentication request: 'https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp'
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] Session: 'testsso' not valid because we are not authenticated.
Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] Template: Reading [/opt/simplesamlphp/dictionaries/login]
Jul 29 11:31:34 simplesamlphp INFO [9b4c759136] sqlauth:testsso: Got 1 rows from database
Jul 29 11:31:34 simplesamlphp INFO [9b4c759136] sqlauth:testsso: Attributes: index,username,password,identity_first_name,identity_middle_name,identity_last_name,address_street,address_street_no,address_post_code,address_county,address_country,marketing_interests,marketing_educational_background,marketing_professional_background,identity_birthdate,identity_nationality,contact_email,contact_phone,marketing_degress_background,identity_password_no,last_transaction_id,identity_gender,language,address_city
Jul 29 11:31:34 simplesamlphp DEBUG [9b4c759136] Deleting state: '_0c04d449dc1a16503cbb8cc50d88eb3a0d0f215233'
Jul 29 11:31:34 simplesamlphp DEBUG [9b4c759136] Session: doLogin("testsso")
Jul 29 11:31:34 simplesamlphp DEBUG [9b4c759136] Session: Valid session found with 'testsso'.
Jul 29 11:31:34 simplesamlphp DEBUG [9b4c759136] Session: Valid session found with 'testsso'.
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] Filter config for https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/metadata.php->https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp: array (  0 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 30,  )),  1 =>   sspmod_core_Auth_Process_StatisticsWithAttribute::__set_state(array(     'attribute' => 'realm',     'typeTag' => 'saml20-idp-SSO',     'priority' => 45,  )),  2 =>   sspmod_core_Auth_Process_AttributeLimit::__set_state(array(     'allowedAttributes' =>     array (    ),     'isDefault' => false,     'priority' => 50,  )),  3 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 99,  )),)
Jul 29 11:31:35 simplesamlphp INFO [9b4c759136] Sending SAML 2.0 Response to 'https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp'
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] Sending message:
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_20c1435dd988b00f083e2de966c81e6d7d8ae941ed" Version="2.0" IssueInstant="2013-07-29T10:31:35Z" Destination="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" InResponseTo="_c310c04bf7059c16b08550b8281524cd4169baff69">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   <saml:Issuer>https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/metadata.php</saml:Issuer>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <ds:SignedInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:Reference URI="#_20c1435dd988b00f083e2de966c81e6d7d8ae941ed">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:Transforms>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         </ds:Transforms>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:DigestValue>5dN5YBqKx+bnGOT+9w9zkUAZfTE=</ds:DigestValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </ds:Reference>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </ds:SignedInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <ds:SignatureValue>Vm9/OBpKubNq2oHqFnsvUsrsN3EUtcDqN1y4WbU8og0pLAZhQUYJtxiM2WRqrFFcaj7YFMkjoFobQlzNMed/betK3emHRzBuxrIZPsGSMA5usX+T7AOvL5+pANfIyYRqIz4pxU7B2v7nIIBAUMYykLg9en3sBEBWicTirrD3Sr4=</ds:SignatureValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <ds:KeyInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:X509Data>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:X509Certificate>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</ds:X509Certificate>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </ds:X509Data>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </ds:KeyInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   </ds:Signature>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   <samlp:Status>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   </samlp:Status>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_193e5ff692780061a5a134bd42b0c12373fdf91fe8" Version="2.0" IssueInstant="2013-07-29T10:31:35Z">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <saml:Issuer>https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/metadata.php</saml:Issuer>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:SignedInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:Reference URI="#_193e5ff692780061a5a134bd42b0c12373fdf91fe8">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:Transforms>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]             <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           </ds:Transforms>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:DigestValue>Jr2YbeN4RQv0wKiz1vNTumE106A=</ds:DigestValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         </ds:Reference>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </ds:SignedInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:SignatureValue>RyDbgVH1Vf9LqTe4qbVzsBA/zms4JdBrRzbO7htpl4NUsUUXkaGACUg/UYW0hI4XRdlJFfgTJ61rpJQjcUHt0vmtZg0/sFcFqN2hiRt4kNcJGEDm1bGed+TrTPLswnEiTOD4qRD1OYigAse5EtnfbTzc66zcQeJWYTV2R897BvQ=</ds:SignatureValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <ds:KeyInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <ds:X509Data>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]           <ds:X509Certificate>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</ds:X509Certificate>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         </ds:X509Data>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </ds:KeyInfo>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </ds:Signature>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <saml:Subject>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:NameID SPNameQualifier="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_d0a78f7228e1ef8bbc78133fe58845d2164efb0528</saml:NameID>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:SubjectConfirmationData NotOnOrAfter="2013-07-29T10:36:35Z" Recipient="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" InResponseTo="_c310c04bf7059c16b08550b8281524cd4169baff69"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:SubjectConfirmation>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </saml:Subject>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <saml:Conditions NotBefore="2013-07-29T10:31:05Z" NotOnOrAfter="2013-07-29T10:36:35Z">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:AudienceRestriction>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:Audience>https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Audience>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:AudienceRestriction>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </saml:Conditions>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <saml:AuthnStatement AuthnInstant="2013-07-29T10:31:34Z" SessionNotOnOrAfter="2013-07-29T18:31:35Z" SessionIndex="_ee33b33d07096daff71409890883d442ab2d879e76">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:AuthnContext>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:AuthnContext>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </saml:AuthnStatement>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     <saml:AttributeStatement>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="index" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">1</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">poney</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="password" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">*xxxxxxx</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Le</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_middle_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">petit</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Poney</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_street" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Rue de la ferme</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_street_no" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">23</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_post_code" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">10234</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_county" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Ecluse</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_country" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Belgium</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="marketing_interests" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="marketing_educational_background" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="marketing_professional_background" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_birthdate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">20120322</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_nationality" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Belgian</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="contact_email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">xxxx...@gmail.com</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="contact_phone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">324809782790</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="marketing_degress_background" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">fçé'à çfj'"à j"';, poney,</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_password_no" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">29292899292809</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="last_transaction_id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string"/>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="identity_gender" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">M</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="language" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">EN</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       <saml:Attribute Name="address_city" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]         <saml:AttributeValue xsi:type="xs:string">Brussels</saml:AttributeValue>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]       </saml:Attribute>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]     </saml:AttributeStatement>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]   </saml:Assertion>
Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] </samlp:Response> 

Peter Schober

Jul 29, 2013, 6:59:11 AM
to simple...@googlegroups.com
* Louis Borsu <louis...@gmail.com> [2013-07-29 12:41]:
> My Log level is on debug. Here is a trace :

The error message was from the SP, telling you that the SAML response
was issued not from the IdP the authnRequest was sent to.
The logs you posted are from the IdP, though. Anyway:

> Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] Received message:
> Jul 29 11:31:30 simplesamlphp DEBUG [9b4c759136] <samlp:AuthnRequest
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="_c310c04bf7059c16b08550b8281524cd4169baff69" Version="2.0"
> IssueInstant="2013-07-29T10:31:29Z"
> Destination="https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/SSOService.php"
> AssertionConsumerServiceURL="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">

OK. So what is the IdP's entityID /according to your SP/ which has an ACS
URL of "https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/SSOService.php"
with a Binding of "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"?
(That's not included as part of the authnRequest but it is part of the
metadata at the SP. Look through /all/ your metadata sources at the SP,
maybe there's a duplicate that's not quite identical, somewhere.)

> Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] Sending message:
> Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136] <samlp:Response
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
> ID="_20c1435dd988b00f083e2de966c81e6d7d8ae941ed" Version="2.0"
> IssueInstant="2013-07-29T10:31:35Z"
> Destination="https://xxx.xxx.xxx.xxx/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
> InResponseTo="_c310c04bf7059c16b08550b8281524cd4169baff69">
> Jul 29 11:31:35 simplesamlphp DEBUG [9b4c759136]
> <saml:Issuer>https://xxx.xxx.xxx.xxx:8243/simplesaml/saml2/idp/metadata.php</saml:Issuer>

So this (Issuer) is what the IdP said was its name in the response.

I'm guessing from the error message you posted previously that this is
not what the SP has on record for this IdP.
-peter

Louis Borsu

Jul 29, 2013, 9:34:54 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Hi Peter, 

It was that !

I was using a bad IDP Entity ID. It's now working perfect !

Many thanks !

Best regards,
Louis

Peter Schober

Jul 29, 2013, 9:38:09 AM
to simple...@googlegroups.com
* Louis Borsu <louis...@gmail.com> [2013-07-29 15:35]:
> It was that !
>
> I was using a bad IDP Entity ID. It's now working perfect !
>
> Many thanks !

I was merely adding -v to the error message ;)
Glad you could fix it,
-peter
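
The comparison that failed at the SP in this thread, as an added example that is not part of the original posts and is not SimpleSAMLphp's own code: it extracts the Issuer from a Response, compares it byte for byte with the entityID the SP sent the request to, and names the URL component that differs. The host idp.example.org, the port-only difference and all function names are constructed for illustration; the thread does not say which wrong entityID was configured.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a trimmed, unsigned Response shaped like the one in the
# IdP log above, with idp.example.org standing in for the masked address.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" InResponseTo="_req1">
  <saml:Issuer>https://idp.example.org:8243/simplesaml/saml2/idp/metadata.php</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.org:8243/simplesaml/saml2/idp/metadata.php</saml:Issuer>
  </saml:Assertion>
</samlp:Response>
"""

# Constructed sample: entityIDs collected from all of the SP's metadata sources.
SAMPLE_SP_METADATA = [
    "https://idp.example.org/simplesaml/saml2/idp/metadata.php",
    "https://other-idp.example.net/idp/shibboleth",
]


def issuers(response_xml):
    """Return (response_issuer, [assertion_issuers]) as stripped strings.

    Diagnostic only: no signature validation is done here, so run it on
    messages taken from your own debug logs, not on untrusted input.
    """
    root = ET.fromstring(response_xml)
    top = root.find("saml:Issuer", NS)
    inner = root.findall("saml:Assertion/saml:Issuer", NS)
    return (
        top.text.strip() if top is not None and top.text else None,
        [i.text.strip() for i in inner if i.text],
    )


def url_diff(expected, actual):
    """Name the URL components in which two entityIDs differ."""
    e, a = urlsplit(expected), urlsplit(actual)
    parts = [("scheme", e.scheme, a.scheme), ("host", e.hostname, a.hostname),
             ("port", e.port, a.port), ("path", e.path, a.path)]
    return [name for name, x, y in parts if x != y]


def diagnose(response_xml, requested_idp, sp_metadata_entity_ids):
    """Compare the issuer with the IdP entityID the SP sent the request to."""
    resp_issuer, assertion_issuers = issuers(response_xml)
    result = {
        "response_issuer": resp_issuer,
        # entityIDs are opaque strings: an exact match is required.
        "match": resp_issuer == requested_idp
                 and all(i == requested_idp for i in assertion_issuers),
        "differs_in": [],
        "near_duplicates": [],
    }
    if not result["match"] and resp_issuer:
        result["differs_in"] = url_diff(requested_idp, resp_issuer)
        # Entries one component away from the real issuer are the
        # "duplicate that's not quite identical" to look for at the SP.
        result["near_duplicates"] = [
            eid for eid in sp_metadata_entity_ids
            if eid != resp_issuer and len(url_diff(eid, resp_issuer)) == 1
        ]
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE, SAMPLE_SP_METADATA[0], SAMPLE_SP_METADATA))
```
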