Forum Discussion
Hi kunjan,
You are right. I included the wrong SP cert... I was confused about that since I did not activate encrypting the assertion (only then the SP key is changeable or able to activate), but it seemed to be necessary to activate the checkbox, include the SP certificate and then uncheck the box for encryption again...
Thanks for that hint!
Here are the successful logs:
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 SAML configuration: SAML_RES=&SAML_RES_LIST=&SAML_SSO=/Common/IDP_Internal_AD
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 POST, Authn Request body size: 2100
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Authn Request size: 2076
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Base64 decoded Authn Request size: 1537
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 REQ_ID: (37) _b0d46ec7-d511-464b-8e26-b497fdcc11a2
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 SAML_VERSION: (3) 2.0
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 ISSUE_INSTANT: (28) 2014-10-01T18:56:55.0422565Z
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 SAML_ACS_BINDING: (46) urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 ACS_URL: (59) https://x.csod.com/samldefault.aspx
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 ISSUER: (42) https://x.csod.com
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 XPATH_DIGEST_VALUE: (28) 7erxeW3U99ef44HGFpfYBX5bttg=
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 XPATH_SIGNATURE_VALUE: (172) mCIWMEYZ5RDzXhBY5qGmOWqNeGdGlAo+kCIFjcWGDnRWFj/XZ82L0k7IcGZMn6mSPMM19rKRRTIA3uUHDxL3pnNp9RYiC2Spij8VmPDPCOOoEecM8Cu5TdMt1D6Rsug8743J2hH2cGzqzFicoqAFWRLk6EYFj9E/5bLuimQUj24=
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 NAME_ID_FORMAT: (53) urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Using SSO config: /Common/IDP_Internal_AD with SP Connector: /Common/CornerStone_Pilot from ACCESS profile
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Authn Request requires signature verification
Oct 1 20:57:05 KMLLB01 info tmm[15919]: 014d0002:6: 7e7c2659: SSOv2 Successfully verified SAML message signature
Oct 1 20:57:05 KMLLB01 info tmm[15919]: 014d0002:6: 7e7c2659: SSOv2 Using SAML SSO object (/Common/IDP_Internal_AD) with SP Connector (/Common/CornerStone_Pilot)
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Authn Request Validation Status Message: urn:oasis:names:tc:SAML:2.0:status:Success
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Size of the Buffer needed for Assertion: 1747
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Assertion TimeStamp - Valid until: 2014-10-01T19:07:05Z
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Canonicalized SignedInfo size: 826
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Signing SAML message with 2048-bit RSA key: /Common/wildcard.konicaminolta.eu.key
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Size of Signature element: 3310
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Signed SAML message size: 5056
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Size of SAML response: 5056
Oct 1 20:57:05 KMLLB01 debug tmm[15919]: 014d0002:7: 7e7c2659: SSOv2 Relay State from SP:
Oct 1 20:57:05 KMLLB01 notice tmm[15919]: 014d0002:5: 7e7c2659: SSOv2 Sent SAML Response (size: 7375)