1. 首页
  2. 问答
  3. RightNow的SSO与ADFS 2.0

RightNow的SSO与ADFS 2.0

2015-04-07 94 views
1

目前,我们正在实现SSO在RightNow的使用SAML 2.0 ADFS 2.0的客户门户网站的客户,但这一过程将返回错误代码17:“SSO_CONTACT_TOKEN_VALIDATE_FAILED”RightNow的SSO与ADFS 2.0

的IdP产生一个签名的SAML 2.0断言使用联系信息(客户的登录名称作为断言主题)。 ADFS 2.0提交使用HTTP POST后续断言结合:

<samlp:Response ID="_f1e96bb3-3585-4d38-b708-33c8c023a3f1" 
      Version="2.0" 
      IssueInstant="2015-02-17T12:20:03.666Z" 
      Destination="https://company.custhelp.com/ci/openlogin/saml/subject/contact.login" 
      Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" 
      xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
      > 
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://adfs.company.com/adfs/services/trust/</Issuer> 
<samlp:Status> 
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> 
</samlp:Status> 
<Assertion ID="_5cd4e6a7-0d5a-4010-9979-46cf372b8e35" 
      IssueInstant="2015-02-17T12:20:03.666Z" 
      Version="2.0" 
      xmlns="urn:oasis:names:tc:SAML:2.0:assertion" 
      > 
    <Issuer>http://adfs.company.com/adfs/services/trust/</Issuer> 
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
     <ds:SignedInfo> 
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <ds:Reference URI="#_5cd4e6a7-0d5a-4010-9979-46cf372b8e35"> 
       <ds:Transforms> 
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> 
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
       </ds:Transforms> 
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
       <ds:DigestValue>QlfQBozfBOCdd4aKqfiqQPTftuQ=</ds:DigestValue> 
      </ds:Reference> 
     </ds:SignedInfo> 
     <ds:SignatureValue>EEBAxrW+VHXofNuYPBpzlFR7FZ1Ty4UUOXPFGs3PneU9mSPTpoSAh3BaP/xt2smbmdcj0QWoz00pLZa4KLwUdPdJrKMSqeDwYMvKiNVyQoAbbcS8TzOiFmPdWEgVRIsOY5C/TXjq+aKjnKOwGndTCc9eDvgnlsmo622yP2zHdnLXHlvLfWaPX27CabbYWFjz2ubnpE7Cn5eIcwAZ3VA9qEy3vJvvuBcXfHZ180pHtazNPChI4VycLyNBxzJ92sxkEIsrJZ3X7rqfO6C2IlxTeOHFsvPWCqI05i/IGodGE03x+r1AOc+Qx1fkhAC7TnU96XWjdBJa0lkhQaZtmg7TvQ==</ds:SignatureValue> 
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> 
      <ds:X509Data> 
       <ds:X509Certificate>MIIFjDCCBHSgAwIBAgIQevLn+V2Y03FErSWKT1CvDjANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLDAqBgNVBAMTI1N5bWFudGVjIENsYXNzIDMgRVYgU1NMIFNHQyBDQSAtIEcyMB4XDTE0MTAzMDAwMDAwMFoXDTE1MTEyNDIzNTk1OVowggEAMRMwEQYLKwYBBAGCNzwCAQMTAkNIMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEZMBcGA1UEBRMQQ0gtNjYwLTAzMzI5NzItNjELMAkGA1UEBhMCQ0gxDTALBgNVBBEUBDEyMTcxDzANBgNVBAgTBkdlbmV2YTEPMA0GA1UEBxQGTWV5cmluMR0wGwYDVQQJFBQ3LCBydWUgZGUgbGEgQmVyZ2VyZTEXMBUGA1UEChQORmlybWVuaWNoIFMuQS4xHDAaBgNVBAsUE0luZm9ybWF0aW9uIFN5c3RlbXMxGzAZBgNVBAMUEmFkZnMuZmlybWVuaWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIzG9LYQQxLWjyJ8y4i1DZ9ygSvEPM5jV3GE/J683bFijqt09amec/r3t7LtsZMBEcjyI5Z25vGV8jAcJgpD0Vf980iP9igaFEnlmE4LvPpGMc5uPOv2q+GhPa+TScCefB3HfSbk7d6KShdrAjtQyE+xS11gEHELTHVxyGFbK37Py0P31OTSAYcxP30M0569bl5D0YnkiKmyeEzjXG3novMGFU9xNye15xqmRyoZggc6y/M8QI6BAly9IRm2AiU+wqB0uIT+hUSOseFR/+QU10ZEhKGObro2gbk6x3MueF1MXwY4ngfqE/1eYm9hSte4RFFTox80CetZYlUudy9pqT0CAwEAAaOCAYMwggF/MB0GA1UdEQQWMBSCEmFkZnMuZmlybWVuaWNoLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKKwYBBAGCNwoDAzBmBgNVHSAEXzBdMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFEZPweCI2n3TeJvIblkvsOT3HZDiMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zdS5zeW1jYi5jb20vc3UuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3N1LnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3N1LnN5bWNiLmNvbS9zdS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAEjH4BlvVtmV5umudidFRNTTznHVKZD59O3rLGAtC9FoBptA5hstYCu2GxRd2GOouWPYPzoKmNmruSmJmHIzmzoalZ27g4cUYh4kMod/91OEkkFs0E7xXWSVQ1BjZXhdBeFbQ5/rjCEcV8i9uiJuBHioA7s16mkDqN6PFqATYFq2hvZbb0/yPfOrKGFGnz5IxgegSEos1sC6GmFqR5yGxnwXVC5/stXJYmflDFrD/jNZ1995SD4EMXto9SlUcoabj/EelA955x6tjxt9FQUdB9rUI5ahQSrQ/iT1vZ3iCRmlc1Wts/kuYhaq8khggRmmbuBCBh43PIPfvxmrRkdX7XQ=</ds:X509Certificate> 
      </ds:X509Data> 
     </KeyInfo> 
    </ds:Signature> 
    <Subject> 
     <NameID>PHL</NameID> 
     <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> 
      <SubjectConfirmationData NotOnOrAfter="2015-02-17T12:25:03.666Z" 
            Recipient="https://xerox-firmenich.custhelp.com/ci/openlogin/saml/subject/contact.login" 
            /> 
     </SubjectConfirmation> 
    </Subject> 
    <Conditions NotBefore="2015-02-17T12:15:03.666Z" 
       NotOnOrAfter="2015-02-17T13:15:03.666Z" 
       > 
     <AudienceRestriction> 
      <Audience>https://company.custhelp.com</Audience> 
     </AudienceRestriction> 
    </Conditions> 
    <AuthnStatement AuthnInstant="2015-02-17T12:20:03.620Z" 
        SessionIndex="_5cd4e6a7-0d5a-4010-9979-46cf372b8e35" 
        > 
     <AuthnContext> 
      <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef> 
     </AuthnContext> 
    </AuthnStatement> 
</Assertion>

可能在SAML断言这个问题?

来源

2015-04-07 Waldir Plasencia

回答

0

通常,此错误意味着您的证书未包含在断言中,或者您添加到服务云配置的指纹与断言中传递的证书不匹配。既然你有证书,我会专注于指纹。有时,人们将指纹复制并粘贴到Service Cloud(RightNow)设置中,并意外地复制了返回托盘\n或隐形字符。 Service Cloud将这些字符视为指纹的一部分,如果是这种情况,将导致此错误代码。根据上例中的证书,该值应为:

39:c6:48:3b:4e:e3:dd:53:c1:58:88:11:c9:33:28:2a:d5:6c:7f:17

来源

2015-06-03 01:20:50

相关问题

 相关问题