Single sign on Google SAML SSO:无法访问此帐户,因为无法验证登录凭据
我一直在尝试使用SAML来验证我们公司的谷歌应用程序。但我总是得到“这个帐户无法访问,因为无法验证登录凭据。”似乎我的签名很好,因为我已经对它进行了测试 答复:Single sign on Google SAML SSO:无法访问此帐户,因为无法验证登录凭据,single-sign-on,google-apps,saml,saml-2.0,Single Sign On,Google Apps,Saml,Saml 2.0,我一直在尝试使用SAML来验证我们公司的谷歌应用程序。但我总是得到“这个帐户无法访问,因为无法验证登录凭据。”似乎我的签名很好,因为我已经对它进行了测试 答复: <?xml version="1.0" encoding="UTF-8"?> <samlp:Response ID="_fc7fc038e01043acd7d4" IssueInstant="2015-12-28T04:57:37.087Z" Version="2.0" De
<?xml
version="1.0"
encoding="UTF-8"?>
<samlp:Response
ID="_fc7fc038e01043acd7d4"
IssueInstant="2015-12-28T04:57:37.087Z"
Version="2.0"
Destination="https://www.google.com/a/sellyx.com/acs"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_fc7fc038e01043acd7d4">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
m0Lhn42KcGeOXuTdzMRY93MsPNY=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/
U6l8=
</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion
ID="_bba47c30283081e8468c"
IssueInstant="2003-04-17T00:46:02Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://auth.sellyx.com/IDP</Issuer>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">abc@sellyx.com
</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
Recipient="https://www.google.com/a/sellyx.com/acs"
NotOnOrAfter="2015-12-28T05:00:57.087Z"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/>
</SubjectConfirmation>
</Subject>
<Conditions
NotBefore="2015-12-28T04:54:17.087Z"
NotOnOrAfter="2015-12-28T05:00:57.087Z">
<AudienceRestriction>
<Audience>https://www.google.com/a/sellyx.com/acs</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement
AuthnInstant="2015-12-28T04:57:37.087Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
m0Lhn42KcGeOXuTdzMRY93MsPNY=
I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RKQLCC1DVXY3UVSXCQ11BMDA3K0R9VNHUKMSZUKTRPIAHW93H1CS37PFUYUYU7FFAEGBCCG+OCYJJ18JCVBGXQKBVV/i8ltRM7JUOr6V+OT/
U6l8=
https://auth.sellyx.com/IDP
abc@sellyx.com
https://www.google.com/a/sellyx.com/acs
urn:oasis:name:tc:SAML:2.0:ac:classes:Password
添加另一个信封签名转换,然后解决问题。我得到了相同的错误。当你说“添加另一个信封签名转换”时,你能详细说明一下吗?