Home
Products
Downloads
Purchase
Support
Forums
About

Back

Forums, Documentation & Knowledge Base - ComponentSpace

Register
Login

ComponentSpace

Forums

Home
»
ComponentSpace Support Forums
»
Questions - SAML SSO for ASP.NET
»
The SAML assertion signature failed to verify

The SAML assertion signature failed to verify

The SAML assertion signature failed to verify

Author	Message
jcastleman-cae	jcastleman-cae Posted 3 Months Ago #12364
New Member Group: Forum Members Posts: 1, Visits: 8	Having problems getting a 3rd party vendor application configured to work with my ADFS server. I have supplied the SAML Logs below. I think it is a certificate mismatch issue, but for the life of me, I can't figure out how to get the right combination configured. Please note that I have redacted or supplied fake values for as much customer-specific information or names as to protect the customer's privacy. Relevant certificate thumbprints or serial numbers are all original. 2023-03-08 15:50:40.583 +00:00 [WRN] Using an in-memory repository. Keys will not be persisted to storage. 2023-03-08 15:50:40.598 +00:00 [WRN] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits. 2023-03-08 15:50:40.657 +00:00 [WRN] No XML encryptor configured. Key "1a782795-33aa-469b-9126-b2c1cd7e6917" may be persisted to storage in unencrypted form. 2023-03-08 15:50:42.052 +00:00 [INF] ComponentSpace.Saml2, Version=3.0.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET Standard build, Licensed. 2023-03-08 15:50:42.060 +00:00 [INF] CLR: .NET Core 4.6.28207.03, OS: Microsoft Windows 10.0.17763 , Culture: English (United States) 2023-03-08 15:50:42.060 +00:00 [DBG] Configuration resolver: ComponentSpace.Saml2.Configuration.Resolver.SamlConfigurationResolver 2023-03-08 15:50:42.060 +00:00 [DBG] Certificate manager: ComponentSpace.Saml2.Certificates.CertificateManager 2023-03-08 15:50:42.060 +00:00 [DBG] ID cache: ComponentSpace.Saml2.Cache.DistributedIDCache 2023-03-08 15:50:42.060 +00:00 [DBG] Artifact cache: ComponentSpace.Saml2.Cache.DistributedArtifactCache 2023-03-08 15:50:42.060 +00:00 [DBG] SSO session store: ComponentSpace.Saml2.Session.DistributedSsoSessionStore 2023-03-08 15:50:42.270 +00:00 [DBG] SAML configuration: { "Configurations": [ { "LocalServiceProviderConfiguration": { "AssertionConsumerServiceUrl": "https://redacted/SAMLAuth/SAML/AssertionConsumerService", "Description": "SAML Authentication API", "LocalCertificates": [ { "Thumbprint": "1f26490e2543e2e5f9799775934e1b290299898a" } ], "Name": "https://redacted/SAMLAuth" }, "PartnerIdentityProviderConfigurations": [ { "Description": "Example Identity Provider", "Name": "http://redacted/adfs/services/trust", "PartnerCertificates": [ { "FileName": "certificates/ADFS.cer" } ], "SignAuthnRequest": true, "SingleLogoutServiceUrl": "https://redacted/adfs/ls/", "SingleSignOnServiceUrl": "https://redacted/adfs/ls/" } ] } ] } 2023-03-08 15:50:42.270 +00:00 [DBG] The SAML SSO environment has been successfully initialized. 2023-03-08 15:50:42.394 +00:00 [DBG] Initiating SSO to the partner identity provider http://redacted/adfs/services/trust. 2023-03-08 15:50:42.430 +00:00 [DBG] The SSO session ID 1bcf0bee-68db-40ea-97f9-6ec5b772bb1b has been saved to the saml-session cookie. 2023-03-08 15:50:42.431 +00:00 [DBG] HTTP cookie: saml-session=1bcf0bee-68db-40ea-97f9-6ec5b772bb1b; Path=/; SameSite=None; Secure; HttpOnly 2023-03-08 15:50:42.439 +00:00 [DBG] SSO session state is being initialized. 2023-03-08 15:50:42.443 +00:00 [DBG] SSO session state for saml-session-1bcf0bee-68db-40ea-97f9-6ec5b772bb1b-SamlState is being saved to the distributed cache. 2023-03-08 15:50:42.463 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b): SP state: 2023-03-08 15:50:42.479 +00:00 [DBG] Constructing an authn request. 2023-03-08 15:50:42.491 +00:00 [DBG] Authn request: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest> 2023-03-08 15:50:42.491 +00:00 [DBG] SSO session state for saml-session-1bcf0bee-68db-40ea-97f9-6ec5b772bb1b-SamlState is being saved to the distributed cache. 2023-03-08 15:50:42.536 +00:00 [DBG] Searching the LocalMachine My X.509 store for the certificate with find type: FindByThumbprint and find value: 1f26490e2543e2e5f9799775934e1b290299898a. 2023-03-08 15:50:42.547 +00:00 [DBG] The X.509 certificate with subject name CN=.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 0C5A09D6805D7E692EB37F7DD560140E has been loaded. 2023-03-08 15:50:42.565 +00:00 [DBG] The X.509 certificate with subject name CN=.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 0C5A09D6805D7E692EB37F7DD560140E has been cached. 2023-03-08 15:50:42.585 +00:00 [DBG] Sending a SAML message over HTTP-Redirect. 2023-03-08 15:50:42.586 +00:00 [DBG] Creating an HTTP-Redirect URL. 2023-03-08 15:50:42.586 +00:00 [DBG] SAML request: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest> 2023-03-08 15:50:42.586 +00:00 [DBG] Relay State: https://redacted/iFox/?ReturnUrl=%2f 2023-03-08 15:50:42.588 +00:00 [DBG] Encoding SAML message: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest> 2023-03-08 15:50:42.593 +00:00 [DBG] Encoded SAML message: jZLLTsMwEEV/xfI+dR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15/4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H/LXGIzea6WBDoGfp2u+VsHJsu+mQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ/kE 2023-03-08 15:50:42.597 +00:00 [DBG] Signing data: 53 41 4d 4c 52 65 71 75 65 73 74 3d 6a 5a 4c 4c 54 73 4d 77 45 45 56 25 32 46 78 66 49 25 32 42 64 52 35 4e 61 61 30 32 55 6d 69 46 69 46 51 67 61 67 4d 4c 4e 73 67 34 44 72 58 6b 32 4d 48 6a 46 50 68 37 38 6b 42 51 46 6c 52 49 58 6c 69 6a 75 58 50 50 58 4d 30 53 57 4b 30 61 6d 72 62 75 6f 48 66 69 74 52 58 67 55 4c 5a 5a 34 61 65 6f 43 75 4e 77 45 53 36 38 78 57 77 61 65 74 4f 4c 79 50 63 59 44 35 67 58 42 54 79 49 5a 6e 45 31 35 25 32 46 34 4d 6f 77 64 68 51 52 71 39 77 75 48 45 78 79 67 44 61 45 57 6d 77 54 48 74 75 70 49 66 52 70 37 66 76 58 6b 52 78 44 54 32 36 54 52 38 78 47 6a 54 4f 55 6a 4e 33 4b 41 36 4f 4e 63 41 4a 61 51 53 70 62 42 44 62 63 4a 6a 35 6d 44 43 54 55 31 59 57 51 46 52 51 44 43 36 4d 70 61 4c 41 58 47 46 4b 36 5a 41 39 46 59 35 41 35 42 48 38 56 33 4a 72 58 47 47 47 33 55 70 64 53 6e 31 79 77 71 33 56 6c 50 44 51 41 4c 56 72 42 5a 41 48 61 66 37 39 47 5a 4c 4f 31 54 36 50 44 59 42 76 53 36 4b 33 4d 76 76 39 67 56 47 4b 59 43 77 50 63 50 61 61 47 68 72 59 66 66 43 48 69 55 58 39 37 76 74 44 79 6d 50 56 51 31 65 4b 59 34 6e 6f 50 33 55 6e 6f 37 30 48 25 32 46 4c 58 47 49 7a 65 61 36 57 42 44 6f 47 66 70 32 75 25 32 42 56 73 48 4a 73 75 25 32 42 6d 51 36 37 32 52 48 39 65 33 67 55 7a 45 75 44 6b 50 39 68 4c 63 6d 49 79 4f 6a 62 30 74 70 75 61 62 58 4b 6a 4a 50 39 41 71 56 4c 6d 62 57 30 46 63 31 33 63 7a 72 62 64 4c 69 51 5a 5a 62 39 50 4a 25 32 46 6b 45 26 52 65 6c 61 79 53 74 61 74 65 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 63 35 6c 6d 73 2d 64 65 76 2e 63 35 61 74 73 2e 63 6f 6d 25 32 46 69 46 6f 78 25 32 46 25 33 46 52 65 74 75 72 6e 55 72 6c 25 33 44 25 32 35 32 66 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36 2023-03-08 15:50:42.597 +00:00 [DBG] Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. 2023-03-08 15:50:42.614 +00:00 [DBG] Signature: 1b a5 d1 af b5 ac 88 7d c9 81 f5 8e e3 24 22 1d fb ff 35 52 c6 4d a6 e3 9b a6 8e 6f c4 aa 90 1f 61 f5 30 36 3e b7 30 33 cc e8 1d 5f da 58 cf fa 0b 51 a6 cd 79 a9 7f b0 a9 6a f3 5e a9 20 ca 77 e4 08 f3 7b 05 1b 1c d2 99 9e b8 b9 63 f5 0b bb a1 37 2f c8 47 96 4e da b4 4d 84 17 ef e1 2f 07 95 fb f1 4b e0 4d f5 e5 45 88 fa 31 89 02 23 93 6a ee 1b ab 9f 9d e6 db c2 25 40 1b 27 a5 df d6 2a 34 44 ed 37 8b c7 41 b4 40 cc ad 4a ea fe e1 9b 1f 47 01 af ba c9 74 c4 86 3d fc 03 67 ac 1f 57 0a 5a 5b d3 38 f3 d0 ac dc 34 28 5f 2e f6 93 00 70 7d 54 07 71 56 63 b6 7d a1 ef 43 24 35 94 4a df 3d 23 69 37 e0 a7 63 c8 0b 71 b5 e4 8e 03 df 52 80 65 fa 47 ef d5 c7 f7 41 00 29 ef 46 37 eb c6 27 63 f1 00 40 49 08 e7 b0 6e 0e 01 95 4d 6d 17 a8 08 5f 19 16 c8 07 09 a7 e6 d1 e5 28 66 2023-03-08 15:50:42.614 +00:00 [DBG] HTTP Redirect URL: https://redacted/adfs/ls/?SAMLRequest=jZLLTsMwEEV%2FxfI%2BdR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15%2F4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H%2FLXGIzea6WBDoGfp2u%2BVsHJsu%2BmQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ%2FkE&RelayState=https%3A%2F%2Fredacted%2FiFox%2F%3FReturnUrl%3D%252f&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G6XRr7WsiH3JgfWO4yQiHfv%2FNVLGTabjm6aOb8SqkB9h9TA2PrcwM8zoHV%2FaWM%2F6C1GmzXmpf7CpavNeqSDKd%2BQI83sFGxzSmZ64uWP1C7uhNy%2FIR5ZO2rRNhBfv4S8HlfvxS%2BBN9eVFiPoxiQIjk2ruG6ufnebbwiVAGyel39YqNETtN4vHQbRAzK1K6v7hmx9HAa%2B6yXTEhj38A2esH1cKWlvTOPPQrNw0KF8u9pMAcH1UB3FWY7Z9oe9DJDWUSt89I2k34KdjyAtxteSOA99SgGX6R%2B%2FVx%2FdBACnvRjfrxidj8QBASQjnsG4OAZVNbReoCF8ZFsgHCafm0eUoZg%3D%3D 2023-03-08 15:50:42.614 +00:00 [DBG] Redirecting to: https://redacted/adfs/ls/?SAMLRequest=jZLLTsMwEEV%2FxfI%2BdR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15%2F4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H%2FLXGIzea6WBDoGfp2u%2BVsHJsu%2BmQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ%2FkE&RelayState=https%3A%2F%2Fredacted%2FiFox%2F%3FReturnUrl%3D%252f&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G6XRr7WsiH3JgfWO4yQiHfv%2FNVLGTabjm6aOb8SqkB9h9TA2PrcwM8zoHV%2FaWM%2F6C1GmzXmpf7CpavNeqSDKd%2BQI83sFGxzSmZ64uWP1C7uhNy%2FIR5ZO2rRNhBfv4S8HlfvxS%2BBN9eVFiPoxiQIjk2ruG6ufnebbwiVAGyel39YqNETtN4vHQbRAzK1K6v7hmx9HAa%2B6yXTEhj38A2esH1cKWlvTOPPQrNw0KF8u9pMAcH1UB3FWY7Z9oe9DJDWUSt89I2k34KdjyAtxteSOA99SgGX6R%2B%2FVx%2FdBACnvRjfrxidj8QBASQjnsG4OAZVNbReoCF8ZFsgHCafm0eUoZg%3D%3D 2023-03-08 15:50:42.615 +00:00 [DBG] The SAML message has been sent over HTTP-Redirect. 2023-03-08 15:50:42.617 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b): SP state: Pending response state: Action: ReceiveSamlResponse Partner name: http://redacted/adfs/services/trust Relay state: In response to: _3f252929-9642-4730-ac1a-31c1365f8c06 2023-03-08 15:50:42.617 +00:00 [DBG] Initiation of SSO to the partner identity provider http://redacted/adfs/services/trust has completed successfully. 2023-03-08 15:51:04.143 +00:00 [DBG] Receiving an SSO response from a partner identity provider. 2023-03-08 15:51:04.144 +00:00 [DBG] The SSO session ID 1bcf0bee-68db-40ea-97f9-6ec5b772bb1b has been retrieved from the saml-session cookie. 2023-03-08 15:51:04.192 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b): SP state: Pending response state: Action: ReceiveSamlResponse Partner name: http://redacted/adfs/services/trust Relay state: In response to: _3f252929-9642-4730-ac1a-31c1365f8c06 2023-03-08 15:51:04.285 +00:00 [DBG] Receiving a SAML message over HTTP-Post. 2023-03-08 15:51:04.308 +00:00 [DBG] HTTPS request: POST /SAMLAuth/SAML/AssertionConsumerService HTTP/1.1 Cache-Control: max-age=0 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: saml-session=1bcf0bee-68db-40ea-97f9-6ec5b772bb1b Host: redacted Referer: https://redacted/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Origin: https://redacted Content-Length: 5248 sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document MS-ASPNETCORE-TOKEN: e5c51220-a79a-413f-b0ff-42099767dbb6 X-Original-Proto: http X-Original-For: 127.0.0.1:60129 SAMLResponse=PHNhbWxwOlJlc3BvbnNlIElEPSJfNWEzYTY1NDgtZWUzMy00ZWUzLWJhZmItMGEwNjZhNGNjNzYyIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMy0wMy0wOFQxNTo1MTowNC4wNjZaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9jNWxtcy1kZXYuYzVhdHMuY29tL1NBTUxBdXRoL1NBTUwvQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJfM2YyNTI5MjktOTY0Mi00NzMwLWFjMWEtMzFjMTM2NWY4YzA2IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48SXNzdWVyIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vZmVkZXJhdGlvbi5jNWF0cy5jb20vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48QXNzZXJ0aW9uIElEPSJfYzc1NzA0ZjQtMmI2Mi00ZDcxLWE0ZmItMzBlNmY4NDE4YTAwIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDMtMDhUMTU6NTE6MDQuMDY2WiIgVmVyc2lvbj0iMi4wIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PElzc3Vlcj5odHRwOi8vZmVkZXJhdGlvbi5jNWF0cy5jb20vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjX2M3NTcwNGY0LTJiNjItNGQ3MS1hNGZiLTMwZTZmODQxOGEwMCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPjNSSkQvUlF6RjlJVVhubktpaGRKTmdPREZRQXdoYld1eDdKODVpV2hPVk09PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPk1BMEQ5KzBoWWNrWXJVYmZyRXZ6enlvZXJRU29kUCt4VHlxRmhaYTNkQW9Ld3pVMkgveW85aW9QelZIQmNGbTBGOTdvTTkydXNRb1pFUTBRWTgraERlalpEOGNFeitQS2p1dUsrL2lIYnZoME02OHRmN29IdFBiajZJZ2E4cUFlZyttT1JEZEExUm04YlhpRmx2TXhKSGwvTkFtcU5FWjFUbUJpeEQrRnd6NHM5cVpGODgrTmN5MDZyTGJ3Z0RSRmlnYTNBeTl4Uk53djBXQXFDOUNwbFNvSVBIdXZwa01KNitHV1BDdElWS05tNjU0cmxPeXNhUmNLYWh1ZU8rY1VlNFJkOEZ4TkVzT1FmSHZPQU1VZWdnZndSRXBKL281czJ6cW9XektsTEV2b0NHN09YMjEyNEczTnJFTEZXMXFZeEdQbXNXbWc5T0JlS2JneG9JY1g4QT09PC9kczpTaWduYXR1cmVWYWx1ZT48S2V5SW5mbyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQzVEQ0NBY3lnQXdJQkFnSVFHQ2s1ZDJrR1RKbEhtNGVnYU5TSUl6QU5CZ2txaGtpRzl3MEJBUXNGQURBdU1Td3dLZ1lEVlFRREV5TkJSRVpUSUZOcFoyNXBibWNnTFNCbVpXUmxjbUYwYVc5dUxtTTFZWFJ6TG1OdmJUQWVGdzB5TWpBMU1qVXhPVFEyTVRWYUZ3MHlNekExTWpVeE9UUTJNVFZhTUM0eExEQXFCZ05WQkFNVEkwRkVSbE1nVTJsbmJtbHVaeUF0SUdabFpHVnlZWFJwYjI0dVl6VmhkSE11WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBenJ5SXZyM2tDSDMvVmhuY2c1UWt3U1NlYlBXQTdmYStIRi82T3doMzZvMnJ2Y0luOHd6YjRHNUNiU1BJbmwwU1RINFc5dHlnMFp2TmtrdEczekZUbGpKVmNVUDcwUmxYbHR1YTBvVXNkRG05R3NaM01NellZNmhtaVBzTVdOdkc5RW85V1N3UU9pU01ReEVCWXdpeFMwb3RhTnhJbytaMUlzcjFvNTJsUFlEVkkxWTM1NHRqRXNSM2lHNVQvSGxvTVVQM3RRTzYvQUEwRnJ5TElyazBtaTN6d1BTSTNUY0cweWh5Zmk1T1M5R1kxREl1NHF0VWppc2hxWlRiZnBEMnBiZEI0YVFNMlJyQXh6bzhHWlYzYzJ6bVRrb0RnanBVUFpBUUJmR1pmTWVQRFBhZDNydnpGT2NKMHhydEx2ZVZoNEVZNHdIclY5N2xyMVptaEtqMURRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQlVzb05QaEduY0ZiTUNTaUVtVTJlYnNOaXBhckNjNit6VWZUZXZtR1R2N2M1cGk3M0V1LzlvdHVvR0RsUTZmSG1VTjk0SzV1SCtrRzlneXp4ekRxeWljN0l4TFAxZHFiUFd6U05iWTFQeWRLT29UcTVWbVhjZThJZk5nNHdPckRwSUZDeU1KRThpbzNNZjJUK1pGRncrek9qRFh0c3dBU21XaEFLSmFBNHdia2ZreTJ1dE9iZGdVbW8zdzRudUwrWnI2TnQ1TzhPUi94YXhtNFc5YkdzVVNTMk9zMTRSTkNOVnBIQk5HSUJIUnZReUhTb0prVzNkVW9yMEcvVy8vYk9NTFJwSUpMUjVEN0R3aEtDeXVXMWdDRVhPampkckJ0Ky9TRStsOTA3L01aVGNmWnJ1bzBzcFJHbURqc0VsY05sSzNKdUpSTTVqZ3JLYWxRQ0Q2NzA8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89Il8zZjI1MjkyOS05NjQyLTQ3MzAtYWMxYS0zMWMxMzY1ZjhjMDYiIE5vdE9uT3JBZnRlcj0iMjAyMy0wMy0wOFQxNTo1NjowNC4wNjZaIiBSZWNpcGllbnQ9Imh0dHBzOi8vYzVsbXMtZGV2LmM1YXRzLmNvbS9TQU1MQXV0aC9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZSIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMy0wMy0wOFQxNTo1MTowNC4wNjNaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDMtMDhUMTY6NTE6MDQuMDYzWiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPmh0dHBzOi8vYzVsbXMtZGV2LmM1YXRzLmNvbS9TQU1MQXV0aDwvQXVkaWVuY2U+PC9BdWRpZW5jZVJlc3RyaWN0aW9uPjwvQ29uZGl0aW9ucz48QXR0cmlidXRlU3RhdGVtZW50PjxBdHRyaWJ1dGUgTmFtZT0iTmFtZWlkIj48QXR0cmlidXRlVmFsdWU+ZHVtYmVzdHVzZXJAYzVhdHMuY29tPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48L0F0dHJpYnV0ZVN0YXRlbWVudD48QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIzLTAzLTA4VDE1OjUxOjA0LjAxN1oiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+&RelayState=https://redacted/iFox/?ReturnUrl=%2f 2023-03-08 15:51:04.310 +00:00 [DBG] Parsing the HTTP post data. 2023-03-08 15:51:04.311 +00:00 [DBG] Retrieved parameter SAMLResponse: PHNhbWxwOlJlc3BvbnNlIElEPSJfNWEzYTY1NDgtZWUzMy00ZWUzLWJhZmItMGEwNjZhNGNjNzYyIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMy0wMy0wOFQxNTo1MTowNC4wNjZaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9jNWxtcy1kZXYuYzVhdHMuY29tL1NBTUxBdXRoL1NBTUwvQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJfM2YyNTI5MjktOTY0Mi00NzMwLWFjMWEtMzFjMTM2NWY4YzA2IiB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIj48SXNzdWVyIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwOi8vZmVkZXJhdGlvbi5jNWF0cy5jb20vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48QXNzZXJ0aW9uIElEPSJfYzc1NzA0ZjQtMmI2Mi00ZDcxLWE0ZmItMzBlNmY4NDE4YTAwIiBJc3N1ZUluc3RhbnQ9IjIwMjMtMDMtMDhUMTU6NTE6MDQuMDY2WiIgVmVyc2lvbj0iMi4wIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PElzc3Vlcj5odHRwOi8vZmVkZXJhdGlvbi5jNWF0cy5jb20vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjX2M3NTcwNGY0LTJiNjItNGQ3MS1hNGZiLTMwZTZmODQxOGEwMCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPjNSSkQvUlF6RjlJVVhubktpaGRKTmdPREZRQXdoYld1eDdKODVpV2hPVk09PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPk1BMEQ5KzBoWWNrWXJVYmZyRXZ6enlvZXJRU29kUCt4VHlxRmhaYTNkQW9Ld3pVMkgveW85aW9QelZIQmNGbTBGOTdvTTkydXNRb1pFUTBRWTgraERlalpEOGNFeitQS2p1dUsrL2lIYnZoME02OHRmN29IdFBiajZJZ2E4cUFlZyttT1JEZEExUm04YlhpRmx2TXhKSGwvTkFtcU5FWjFUbUJpeEQrRnd6NHM5cVpGODgrTmN5MDZyTGJ3Z0RSRmlnYTNBeTl4Uk53djBXQXFDOUNwbFNvSVBIdXZwa01KNitHV1BDdElWS05tNjU0cmxPeXNhUmNLYWh1ZU8rY1VlNFJkOEZ4TkVzT1FmSHZPQU1VZWdnZndSRXBKL281czJ6cW9XektsTEV2b0NHN09YMjEyNEczTnJFTEZXMXFZeEdQbXNXbWc5T0JlS2JneG9JY1g4QT09PC9kczpTaWduYXR1cmVWYWx1ZT48S2V5SW5mbyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQzVEQ0NBY3lnQXdJQkFnSVFHQ2s1ZDJrR1RKbEhtNGVnYU5TSUl6QU5CZ2txaGtpRzl3MEJBUXNGQURBdU1Td3dLZ1lEVlFRREV5TkJSRVpUSUZOcFoyNXBibWNnTFNCbVpXUmxjbUYwYVc5dUxtTTFZWFJ6TG1OdmJUQWVGdzB5TWpBMU1qVXhPVFEyTVRWYUZ3MHlNekExTWpVeE9UUTJNVFZhTUM0eExEQXFCZ05WQkFNVEkwRkVSbE1nVTJsbmJtbHVaeUF0SUdabFpHVnlZWFJwYjI0dVl6VmhkSE11WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBenJ5SXZyM2tDSDMvVmhuY2c1UWt3U1NlYlBXQTdmYStIRi82T3doMzZvMnJ2Y0luOHd6YjRHNUNiU1BJbmwwU1RINFc5dHlnMFp2TmtrdEczekZUbGpKVmNVUDcwUmxYbHR1YTBvVXNkRG05R3NaM01NellZNmhtaVBzTVdOdkc5RW85V1N3UU9pU01ReEVCWXdpeFMwb3RhTnhJbytaMUlzcjFvNTJsUFlEVkkxWTM1NHRqRXNSM2lHNVQvSGxvTVVQM3RRTzYvQUEwRnJ5TElyazBtaTN6d1BTSTNUY0cweWh5Zmk1T1M5R1kxREl1NHF0VWppc2hxWlRiZnBEMnBiZEI0YVFNMlJyQXh6bzhHWlYzYzJ6bVRrb0RnanBVUFpBUUJmR1pmTWVQRFBhZDNydnpGT2NKMHhydEx2ZVZoNEVZNHdIclY5N2xyMVptaEtqMURRSURBUUFCTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDQlVzb05QaEduY0ZiTUNTaUVtVTJlYnNOaXBhckNjNit6VWZUZXZtR1R2N2M1cGk3M0V1LzlvdHVvR0RsUTZmSG1VTjk0SzV1SCtrRzlneXp4ekRxeWljN0l4TFAxZHFiUFd6U05iWTFQeWRLT29UcTVWbVhjZThJZk5nNHdPckRwSUZDeU1KRThpbzNNZjJUK1pGRncrek9qRFh0c3dBU21XaEFLSmFBNHdia2ZreTJ1dE9iZGdVbW8zdzRudUwrWnI2TnQ1TzhPUi94YXhtNFc5YkdzVVNTMk9zMTRSTkNOVnBIQk5HSUJIUnZReUhTb0prVzNkVW9yMEcvVy8vYk9NTFJwSUpMUjVEN0R3aEtDeXVXMWdDRVhPampkckJ0Ky9TRStsOTA3L01aVGNmWnJ1bzBzcFJHbURqc0VsY05sSzNKdUpSTTVqZ3JLYWxRQ0Q2NzA8L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBJblJlc3BvbnNlVG89Il8zZjI1MjkyOS05NjQyLTQ3MzAtYWMxYS0zMWMxMzY1ZjhjMDYiIE5vdE9uT3JBZnRlcj0iMjAyMy0wMy0wOFQxNTo1NjowNC4wNjZaIiBSZWNpcGllbnQ9Imh0dHBzOi8vYzVsbXMtZGV2LmM1YXRzLmNvbS9TQU1MQXV0aC9TQU1ML0Fzc2VydGlvbkNvbnN1bWVyU2VydmljZSIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMy0wMy0wOFQxNTo1MTowNC4wNjNaIiBOb3RPbk9yQWZ0ZXI9IjIwMjMtMDMtMDhUMTY6NTE6MDQuMDYzWiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPmh0dHBzOi8vYzVsbXMtZGV2LmM1YXRzLmNvbS9TQU1MQXV0aDwvQXVkaWVuY2U+PC9BdWRpZW5jZVJlc3RyaWN0aW9uPjwvQ29uZGl0aW9ucz48QXR0cmlidXRlU3RhdGVtZW50PjxBdHRyaWJ1dGUgTmFtZT0iTmFtZWlkIj48QXR0cmlidXRlVmFsdWU+ZHVtYmVzdHVzZXJAYzVhdHMuY29tPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48L0F0dHJpYnV0ZVN0YXRlbWVudD48QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDIzLTAzLTA4VDE1OjUxOjA0LjAxN1oiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+ 2023-03-08 15:51:04.311 +00:00 [DBG] Retrieved parameter RelayState: https://redacted/iFox/?ReturnUrl=%2f 2023-03-08 15:51:04.311 +00:00 [DBG] SAML response: <samlp:Response ID="_5a3a6548-ee33-4ee3-bafb-0a066a4cc762" Version="2.0" IssueInstant="2023-03-08T15:51:04.066Z" Destination="https://redacted/SAMLAuth/SAML/AssertionConsumerService" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://redacted/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><Assertion ID="_c75704f4-2b62-4d71-a4fb-30e6f8418a00" IssueInstant="2023-03-08T15:51:04.066Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>http://redacted/adfs/services/trust</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_c75704f4-2b62-4d71-a4fb-30e6f8418a00"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>3RJD/RQzF9IUXnnKihdJNgODFQAwhbWux7J85iWhOVM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MA0D9+0hYckYrUbfrEvzzyoerQSodP+xTyqFhZa3dAoKwzU2H/yo9ioPzVHBcFm0F97oM92usQoZEQ0QY8+hDejZD8cEz+PKjuuK+/iHbvh0M68tf7oHtPbj6Iga8qAeg+mORDdA1Rm8bXiFlvMxJHl/NAmqNEZ1TmBixD+Fwz4s9qZF88+Ncy06rLbwgDRFiga3Ay9xRNwv0WAqC9CplSoIPHuvpkMJ6+GWPCtIVKNm654rlOysaRcKahueO+cUe4Rd8FxNEsOQfHvOAMUeggfwREpJ/o5s2zqoWzKlLEvoCG7OX2124G3NrELFW1qYxGPmsWmg9OBeKbgxoIcX8A==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC5DCCAcygAwIBAgIQGCk5d2kGTJlHm4egaNSIIzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNBREZTIFNpZ25pbmcgLSBmZWRlcmF0aW9uLmM1YXRzLmNvbTAeFw0yMjA1MjUxOTQ2MTVaFw0yMzA1MjUxOTQ2MTVaMC4xLDAqBgNVBAMTI0FERlMgU2lnbmluZyAtIGZlZGVyYXRpb24uYzVhdHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzryIvr3kCH3/Vhncg5QkwSSebPWA7fa+HF/6Owh36o2rvcIn8wzb4G5CbSPInl0STH4W9tyg0ZvNkktG3zFTljJVcUP70RlXltua0oUsdDm9GsZ3MMzYY6hmiPsMWNvG9Eo9WSwQOiSMQxEBYwixS0otaNxIo+Z1Isr1o52lPYDVI1Y354tjEsR3iG5T/HloMUP3tQO6/AA0FryLIrk0mi3zwPSI3TcG0yhyfi5OS9GY1DIu4qtUjishqZTbfpD2pbdB4aQM2RrAxzo8GZV3c2zmTkoDgjpUPZAQBfGZfMePDPad3rvzFOcJ0xrtLveVh4EY4wHrV97lr1ZmhKj1DQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCBUsoNPhGncFbMCSiEmU2ebsNiparCc6+zUfTevmGTv7c5pi73Eu/9otuoGDlQ6fHmUN94K5uH+kG9gyzxzDqyic7IxLP1dqbPWzSNbY1PydKOoTq5VmXce8IfNg4wOrDpIFCyMJE8io3Mf2T+ZFFw+zOjDXtswASmWhAKJaA4wbkfky2utObdgUmo3w4nuL+Zr6Nt5O8OR/xaxm4W9bGsUSS2Os14RNCNVpHBNGIBHRvQyHSoJkW3dUor0G/W//bOMLRpIJLR5D7DwhKCyuW1gCEXOjjdrBt+/SE+l907/MZTcfZruo0spRGmDjsElcNlK3JuJRM5jgrKalQCD670</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" NotOnOrAfter="2023-03-08T15:56:04.066Z" Recipient="https://redacted/SAMLAuth/SAML/AssertionConsumerService" /></SubjectConfirmation></Subject><Conditions NotBefore="2023-03-08T15:51:04.063Z" NotOnOrAfter="2023-03-08T16:51:04.063Z"><AudienceRestriction><Audience>https://redacted/SAMLAuth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="Nameid"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2023-03-08T15:51:04.017Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response> 2023-03-08 15:51:04.312 +00:00 [DBG] Relay state: https://redacted/iFox/?ReturnUrl=%2f 2023-03-08 15:51:04.312 +00:00 [DBG] The SAML message has been received over HTTP-Post. 2023-03-08 15:51:04.350 +00:00 [DBG] The XML validated against the SAML XML Schemas. 2023-03-08 15:51:04.385 +00:00 [DBG] The SAML response status is success. 2023-03-08 15:51:04.397 +00:00 [DBG] Verifying the SAML assertion signature. 2023-03-08 15:51:04.411 +00:00 [DBG] Loading the X.509 certificate from the file D:\folder\subfolder\SAMLWebApi\certificates/ADFS.cer. 2023-03-08 15:51:04.424 +00:00 [DBG] The X.509 certificate with subject name CN=.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 017A6F52A713044239E08846ECE6FC1A has been loaded. 2023-03-08 15:51:04.430 +00:00 [DBG] The X.509 certificate with subject name CN=.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 017A6F52A713044239E08846ECE6FC1A has been cached. 2023-03-08 15:51:04.433 +00:00 [DBG] Verifying signed XML: <Assertion ID="_c75704f4-2b62-4d71-a4fb-30e6f8418a00" IssueInstant="2023-03-08T15:51:04.066Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>http://redacted/adfs/services/trust</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_c75704f4-2b62-4d71-a4fb-30e6f8418a00"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>3RJD/RQzF9IUXnnKihdJNgODFQAwhbWux7J85iWhOVM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MA0D9+0hYckYrUbfrEvzzyoerQSodP+xTyqFhZa3dAoKwzU2H/yo9ioPzVHBcFm0F97oM92usQoZEQ0QY8+hDejZD8cEz+PKjuuK+/iHbvh0M68tf7oHtPbj6Iga8qAeg+mORDdA1Rm8bXiFlvMxJHl/NAmqNEZ1TmBixD+Fwz4s9qZF88+Ncy06rLbwgDRFiga3Ay9xRNwv0WAqC9CplSoIPHuvpkMJ6+GWPCtIVKNm654rlOysaRcKahueO+cUe4Rd8FxNEsOQfHvOAMUeggfwREpJ/o5s2zqoWzKlLEvoCG7OX2124G3NrELFW1qYxGPmsWmg9OBeKbgxoIcX8A==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIC5DCCAcygAwIBAgIQGCk5d2kGTJlHm4egaNSIIzANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNBREZTIFNpZ25pbmcgLSBmZWRlcmF0aW9uLmM1YXRzLmNvbTAeFw0yMjA1MjUxOTQ2MTVaFw0yMzA1MjUxOTQ2MTVaMC4xLDAqBgNVBAMTI0FERlMgU2lnbmluZyAtIGZlZGVyYXRpb24uYzVhdHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzryIvr3kCH3/Vhncg5QkwSSebPWA7fa+HF/6Owh36o2rvcIn8wzb4G5CbSPInl0STH4W9tyg0ZvNkktG3zFTljJVcUP70RlXltua0oUsdDm9GsZ3MMzYY6hmiPsMWNvG9Eo9WSwQOiSMQxEBYwixS0otaNxIo+Z1Isr1o52lPYDVI1Y354tjEsR3iG5T/HloMUP3tQO6/AA0FryLIrk0mi3zwPSI3TcG0yhyfi5OS9GY1DIu4qtUjishqZTbfpD2pbdB4aQM2RrAxzo8GZV3c2zmTkoDgjpUPZAQBfGZfMePDPad3rvzFOcJ0xrtLveVh4EY4wHrV97lr1ZmhKj1DQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCBUsoNPhGncFbMCSiEmU2ebsNiparCc6+zUfTevmGTv7c5pi73Eu/9otuoGDlQ6fHmUN94K5uH+kG9gyzxzDqyic7IxLP1dqbPWzSNbY1PydKOoTq5VmXce8IfNg4wOrDpIFCyMJE8io3Mf2T+ZFFw+zOjDXtswASmWhAKJaA4wbkfky2utObdgUmo3w4nuL+Zr6Nt5O8OR/xaxm4W9bGsUSS2Os14RNCNVpHBNGIBHRvQyHSoJkW3dUor0G/W//bOMLRpIJLR5D7DwhKCyuW1gCEXOjjdrBt+/SE+l907/MZTcfZruo0spRGmDjsElcNlK3JuJRM5jgrKalQCD670</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" NotOnOrAfter="2023-03-08T15:56:04.066Z" Recipient="https://redacted/SAMLAuth/SAML/AssertionConsumerService" /></SubjectConfirmation></Subject><Conditions NotBefore="2023-03-08T15:51:04.063Z" NotOnOrAfter="2023-03-08T16:51:04.063Z"><AudienceRestriction><Audience>https://redacted/SAMLAuth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="Nameid"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2023-03-08T15:51:04.017Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion> 2023-03-08 15:51:04.433 +00:00 [DBG] Signature certificate subject: CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US, serial number: 017A6F52A713044239E08846ECE6FC1A 2023-03-08 15:51:04.525 +00:00 [DBG] XML signature verified: False 2023-03-08 15:51:04.526 +00:00 [DBG] Signature embedded certificate subject: CN=ADFS Signing - redacted, serial number: 1829397769064C99479B87A068D48823 2023-03-08 15:51:04.526 +00:00 [ERR] Receiving an SSO response from a partner identity provider has failed. ComponentSpace.Saml2.Exceptions.SamlSignatureException: The SAML assertion signature failed to verify. at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem) at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse) at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState) at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync() 2023-03-08 15:51:04.558 +00:00 [ERR] Connection id "0HMOVTJFBC5QU", Request id "0HMOVTJFBC5QU:00000002": An unhandled exception was thrown by the application. ComponentSpace.Saml2.Exceptions.SamlSignatureException: The SAML assertion signature failed to verify. at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem) at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse) at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState) at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync() at ExampleWebApi.Controllers.SamlController.AssertionConsumerService() in D:\Jenkins\workspace\software\softwareSSOAuthAPIs\SAMLAuth\SAMLWebApi\Controllers\SamlController.cs:line 41 at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync() at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync() at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync() at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter() at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context) at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync() at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync() at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore(HttpContext context) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.Invoke(HttpContext httpContext) at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)
	Reply
ComponentSpace	ComponentSpace Posted 3 Months Ago #12365
ComponentSpace Development Group: Administrators Posts: 3.1K, Visits: 10K	The wrong partner certificate (ADFS.cer) has been configured. You should use the certificate with serial number 1829397769064C99479B87A068D48823. If there's still an issue, please send the SAML log file as an email attachment to [email protected]. Regards ComponentSpace Development
	Reply

GO

Similar Topics

Post Quoted Reply

Execution: 0.000. 4 queries. Compression Enabled.

Login

Existing Account
Email Address: Password: Reset Your Password Remember Me	Social Logins

Select a Forum....

ComponentSpace Support Forums
      Questions - SAML SSO for ASP.NET
      Questions - SAML SSO for ASP.NET Core
      Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
      Announcements
      Documentation - SAML SSO for ASP.NET
      Documentation - SAML SSO for ASP.NET Core
      Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
      Knowledge Base - SAML SSO for ASP.NET
      Knowledge Base - SAML SSO for ASP.NET Core
      Knowledge Base - OpenID for ASP.NET Core

Explore
Home
Latest
Popular
Search
Tags

Forums
ComponentSpace Support Forums
Questions - SAML SSO for ASP.NET
Questions - SAML SSO for ASP.NET Core
Questions - OpenID for ASP.NET Core
ComponentSpace Documentation
Announcements
Documentation - SAML SSO for ASP.NET
Documentation - SAML SSO for ASP.NET Core
Documentation - OpenID for ASP.NET Core
ComponentSpace Knowledge Bases
Knowledge Base - SAML SSO for ASP.NET
Knowledge Base - SAML SSO for ASP.NET Core
Knowledge Base - OpenID for ASP.NET Core

Forums, Documentation & Knowledge Base - ComponentSpace

Search

Flat Ascending
Flat Descending
Threaded

Subscribe to topic
Print This Topic
Goto Topics Forum

Copyright © ComponentSpace Pty. Ltd. All rights reserved.