Fatal编程技术网
  • single-sign-on/
  • Single sign on Google SAML SSO:无法访问此帐户,因为无法验证登录凭据

Single sign on Google SAML SSO:无法访问此帐户,因为无法验证登录凭据

single-sign-on

Single sign on Google SAML SSO:无法访问此帐户,因为无法验证登录凭据,single-sign-on,google-apps,saml,saml-2.0,Single Sign On,Google Apps,Saml,Saml 2.0,我一直在尝试使用SAML来验证我们公司的谷歌应用程序。但我总是得到“这个帐户无法访问,因为无法验证登录凭据。”似乎我的签名很好,因为我已经对它进行了测试 答复: <?xml version="1.0" encoding="UTF-8"?> <samlp:Response ID="_fc7fc038e01043acd7d4" IssueInstant="2015-12-28T04:57:37.087Z" Version="2.0" De

我一直在尝试使用SAML来验证我们公司的谷歌应用程序。但我总是得到“这个帐户无法访问,因为无法验证登录凭据。”似乎我的签名很好,因为我已经对它进行了测试

答复:

<?xml 
version="1.0" 
encoding="UTF-8"?>
<samlp:Response 
    ID="_fc7fc038e01043acd7d4" 
    IssueInstant="2015-12-28T04:57:37.087Z" 
    Version="2.0" 
    Destination="https://www.google.com/a/sellyx.com/acs" 
    InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej" 
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <ds:Signature 
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod 
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod 
                Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference 
                URI="#_fc7fc038e01043acd7d4">
                <ds:Transforms>
                    <ds:Transform 
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod 
                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>
                    m0Lhn42KcGeOXuTdzMRY93MsPNY=
                </ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/
            U6l8=
        </ds:SignatureValue>
    </ds:Signature>
    <samlp:Status>
        <samlp:StatusCode 
            Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <Assertion 
        ID="_bba47c30283081e8468c" 
        IssueInstant="2003-04-17T00:46:02Z" 
        Version="2.0" 
        xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
        <Issuer>https://auth.sellyx.com/IDP</Issuer>
        <Subject>
            <NameID 
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">abc@sellyx.com
            </NameID>
            <SubjectConfirmation 
                Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <SubjectConfirmationData 
                    Recipient="https://www.google.com/a/sellyx.com/acs" 
                    NotOnOrAfter="2015-12-28T05:00:57.087Z" 
                    InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/>
            </SubjectConfirmation>
        </Subject>
        <Conditions 
            NotBefore="2015-12-28T04:54:17.087Z" 
            NotOnOrAfter="2015-12-28T05:00:57.087Z">
            <AudienceRestriction>
                <Audience>https://www.google.com/a/sellyx.com/acs</Audience>
            </AudienceRestriction>
        </Conditions>
        <AuthnStatement 
            AuthnInstant="2015-12-28T04:57:37.087Z">
            <AuthnContext>
                <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
            </AuthnContext>
        </AuthnStatement>
    </Assertion>
</samlp:Response>


m0Lhn42KcGeOXuTdzMRY93MsPNY=
I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RKQLCC1DVXY3UVSXCQ11BMDA3K0R9VNHUKMSZUKTRPIAHW93H1CS37PFUYUYU7FFAEGBCCG+OCYJJ18JCVBGXQKBVV/i8ltRM7JUOr6V+OT/
U6l8=
https://auth.sellyx.com/IDP
abc@sellyx.com
https://www.google.com/a/sellyx.com/acs
urn:oasis:name:tc:SAML:2.0:ac:classes:Password
添加另一个信封签名转换,然后解决问题。

我得到了相同的错误。当你说“添加另一个信封签名转换”时,你能详细说明一下吗?