ComponentSpace

Forums



An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder


An error SAML response status was received....

Author
Message
levy
levy
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Awaiting Activation
Posts: 5, Visits: 29
I‘m using SAML ASP.NET to connect ADFS. Now I got the error page, did anyone can help me to resolve it?


I configure the ADFS server by the following Link document:
https://www.componentspace.com/documentation/saml-for-asp-net/integrations/ComponentSpace%20ADFS%20Relying%20Party%20Integration%20Guide.pdf




ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
ADFS returns a generic error status if anything goes wrong. The most likely cause is a configuration mismatch.

You need to ask the ADFS admin to take a look at the Windows event log on the ADFS server. There will be one or more error events associated with the error status that will provide more specific information.

Regards
ComponentSpace Development
levy
levy
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Awaiting Activation
Posts: 5, Visits: 29
ComponentSpace - 2/16/2020
ADFS returns a generic error status if anything goes wrong. The most likely cause is a configuration mismatch.

You need to ask the ADFS admin to take a look at the Windows event log on the ADFS server. There will be one or more error events associated with the error status that will provide more specific information.

Thank you for answer my question! I have reviewed the event on adfs server. Maybe here are problems?

日志名称:    AD FS/Admin
来源:    AD FS
日期:    2020/2/14 14:28:18
事件 ID:   364
任务类别:    无
级别:    错误
关键字:    AD FS
用户:    PLATINUMCLOUD\administrator
计算机:    adfstest.platinumcloud.cn
描述:
联合身份验证被动请求期间遇到错误。

其他数据

协议名称:
Saml

信赖方:
https://apps.platinumchina.com/MvcExampleServiceProvider

异常详细信息:
Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML 消息的签名错误。颁发者:“https://apps.platinumchina.com/MvcExampleServiceProvider”。
 在 Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
 在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
 在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
 在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
 在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
 在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
 在 Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
 在 Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
It would appear that the signature on the authn request sent by your SP application couldn't be verified by ADFS.

Please ensure that the certificate (.CER file) configured under the Signature tab of your replying party's properties in ADFS corresponds to the private key (.PFX file) used to generate these signatures. The private key/certificate for signature generation is configured in your app's saml.config under the <ServiceProvider> section.

Regards
ComponentSpace Development
levy
levy
New Member
New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)New Member (7 reputation)

Group: Awaiting Activation
Posts: 5, Visits: 29
ComponentSpace - 2/16/2020
It would appear that the signature on the authn request sent by your SP application couldn't be verified by ADFS.

Please ensure that the certificate (.CER file) configured under the Signature tab of your replying party's properties in ADFS corresponds to the private key (.PFX file) used to generate these signatures. The private key/certificate for signature generation is configured in your app's saml.config under the <ServiceProvider> section.

Great! I have resolve the problem! Thanks for your support!
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search