subsystem xmlns="urn:jboss:domain:resource-adapters:1.0"> <resource-adapters> <resource-adapter> <connection-definitions> <connection-definition class-name="org.teiid.resource.adapter.file.FileManagedConnectionFactory" jndi-name="java:/fileDS" enabled="true" use-java-context="true" pool-name="teiid-file-ds"> <config-property name="ParentDirectory">/home/rareddy/testing/<config-property> <config-property name="AllowParentPaths">true<config-property> <connection-definition> <connection-definitions> <resource-adapter> <resource-adapters> <subsystem
What are the values I have to add on
connection-definition class-name
config-property name
ParentDirectory
I took translator as salesforce and took object by connecting with salesforce account.
Related
In WildFly standalone configuration we can define a validation query in the datasource. In case the DB connection is lost, after the background validation milliseconds defined, the connection can be recovered. Without this validation if the connection is lost, it will not be recovered until the application is restarted.
<datasource jndi-name="java:jboss/datasources/MyDS" pool-name="MyDS" enabled="true" use-java-context="true">
<connection-url>jdbc:postgresql://localhost:5432/myDB</connection-url>
<driver>postgresql</driver>
<security>
<user-name>dbuser</user-name>
<password>password</password>
</security>
<validation>
<check-valid-connection-sql>select 1</check-valid-connection-sql>
<validate-on-match>false</validate-on-match>
<background-validation>true</background-validation>
<background-validation-millis>30000</background-validation-millis>
</validation>
</datasource>
How can I achieve the same in Thorntail project.yml file?
thorntail:
datasources:
data-sources:
MyDS:
driver-name: postgresql
connection-url: jdbc:postgresql://localhost:5432/myDB
user-name: dbuser
password: password
I tried adding a validation node, but it didn't work
validation:
check-valid-connection-sql: select 1
validate-on-match: false
background-validation: true
background-validation-millis: 30000
Here's an example PostgreSQL datasource taken from this documentation: https://docs.thorntail.io/2.7.0.Final/#_example_datasource_definitions It includes connection validation, too.
thorntail:
datasources:
data-sources:
MyDS:
driver-name: postgresql
connection-url: jdbc:postgresql://localhost:5432/postgresdb
user-name: admin
password: admin
valid-connection-checker-class-name: org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker
validate-on-match: true
background-validation: false
exception-sorter-class-name: org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter
Other connection validation options, including those that you use, are described in the same documentation.
I use Keycloak 10.0.2 and SQL Server as database. Sometimes I get an error in Keycloak which prevents the application to run properly and the only solution is to restart the application.
Seems that connection gets closed somehow and keycloak is not able to open it again. What could be the reason?
2020-06-22 09:09:28,649 ERROR [org.keycloak.services] (Timer-2)
KC-SERVICES0089: Failed to run scheduled task
ClearExpiredClientInitialAccessTokens:
javax.persistence.PersistenceException:
org.hibernate.exception.GenericJDBCException: could not prepare
statement
at org.hibernate#5.3.15.Final//org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:154)
at org.hibernate#5.3.15.Final//org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:181)
at org.hibernate#5.3.15.Final//org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1594)
at org.keycloak.keycloak-model-jpa#10.0.2//org.keycloak.models.jpa.JpaRealmProvider.removeExpiredClientInitialAccess(JpaRealmProvider.java:826)
at org.keycloak.keycloak-model-infinispan#10.0.2//org.keycloak.models.cache.infinispan.RealmCacheSession.removeExpiredClientInitialAccess(RealmCacheSession.java:1208)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.services.scheduled.ClearExpiredClientInitialAccessTokens.run(ClearExpiredClientInitialAccessTokens.java:30)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.services.scheduled.ClusterAwareScheduledTaskRunner$1.call(ClusterAwareScheduledTaskRunner.java:56)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.services.scheduled.ClusterAwareScheduledTaskRunner$1.call(ClusterAwareScheduledTaskRunner.java:52)
at org.keycloak.keycloak-model-infinispan#10.0.2//org.keycloak.cluster.infinispan.InfinispanClusterProvider.executeIfNotExecuted(InfinispanClusterProvider.java:78)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.services.scheduled.ClusterAwareScheduledTaskRunner.runTask(ClusterAwareScheduledTaskRunner.java:52)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.services.scheduled.ScheduledTaskRunner.run(ScheduledTaskRunner.java:45)
at org.keycloak.keycloak-services#10.0.2//org.keycloak.timer.basic.BasicTimerProvider$1.run(BasicTimerProvider.java:51)
at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
at java.base/java.util.TimerThread.run(Timer.java:506) Caused by: org.hibernate.exception.GenericJDBCException: could not prepare
statement
at org.hibernate#5.3.15.Final//org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:47)
at org.hibernate#5.3.15.Final//org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:113)
at org.hibernate#5.3.15.Final//org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:186)
at org.hibernate#5.3.15.Final//org.hibernate.engine.jdbc.internal.StatementPreparerImpl.prepareStatement(StatementPreparerImpl.java:81)
at org.hibernate#5.3.15.Final//org.hibernate.hql.internal.ast.exec.BasicExecutor.doExecute(BasicExecutor.java:87)
at org.hibernate#5.3.15.Final//org.hibernate.hql.internal.ast.exec.BasicExecutor.execute(BasicExecutor.java:59)
at org.hibernate#5.3.15.Final//org.hibernate.hql.internal.ast.exec.DeleteExecutor.execute(DeleteExecutor.java:109)
at org.hibernate#5.3.15.Final//org.hibernate.hql.internal.ast.QueryTranslatorImpl.executeUpdate(QueryTranslatorImpl.java:453)
at org.hibernate#5.3.15.Final//org.hibernate.engine.query.spi.HQLQueryPlan.performExecuteUpdate(HQLQueryPlan.java:378)
at org.hibernate#5.3.15.Final//org.hibernate.internal.SessionImpl.executeUpdate(SessionImpl.java:1550)
at org.hibernate#5.3.15.Final//org.hibernate.query.internal.AbstractProducedQuery.doExecuteUpdate(AbstractProducedQuery.java:1603)
at org.hibernate#5.3.15.Final//org.hibernate.query.internal.AbstractProducedQuery.executeUpdate(AbstractProducedQuery.java:1585)
... 11 more Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection is
closed.
at com.microsoft//com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:234)
at com.microsoft//com.microsoft.sqlserver.jdbc.SQLServerConnection.checkClosed(SQLServerConnection.java:1088)
at com.microsoft//com.microsoft.sqlserver.jdbc.SQLServerConnection.prepareStatement(SQLServerConnection.java:3409)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnection.doPrepareStatement(BaseWrapperManagedConnection.java:761)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnection.prepareStatement(BaseWrapperManagedConnection.java:747)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.WrappedConnection$4.produce(WrappedConnection.java:478)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.WrappedConnection$4.produce(WrappedConnection.java:476)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.SecurityActions.executeInTccl(SecurityActions.java:97)
at org.jboss.ironjacamar.jdbcadapters#1.4.20.Final//org.jboss.jca.adapters.jdbc.WrappedConnection.prepareStatement(WrappedConnection.java:476)
at org.hibernate#5.3.15.Final//org.hibernate.engine.jdbc.internal.StatementPreparerImpl$1.doPrepare(StatementPreparerImpl.java:90)
at org.hibernate#5.3.15.Final//org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:176)
... 20 more
EDITED:
Here is the datasource configuration part within standalone-ha.xml
<subsystem xmlns="urn:jboss:domain:datasources:5.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:sqlserver://sqlserver\sqlinstance:1431;DatabaseName=keycloak;</connection-url>
<driver>sqlserver</driver>
<security>
<user-name>keycloak</user-name>
<password>keycloak</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
<driver name="sqlserver" module="com.microsoft">
<driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
<xa-datasource-class>com.microsoft.sqlserver.jdbc.SQLServerXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
I am figuring out the way to use a third party identity provider for apex SSO authentication. Almost i am done with help of SAML SSO
Here is my metadata file by identity provider
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="u2ecyBkedSUsxVldsmYW27kONOp" cacheDuration="PT1440M" entityID="ps.trivadis.com">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#u2ecyBkedSUsxVldsmYW27kONOp">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Q0tFZzytRiz4POfzapmQCAOYMGdQ4s62D8U2K7YMP4Y=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
F+/8hUvaF+gqud3lt6Ua2BIPcrgdlMyMlghBwQ56yy0mcYv7fkxYlDys/8Ae7Lc6o05aGWesg0/m AeyJXZRwDOjuoeNPKvEK63J2xcPpJthN2XVyVdnfb5owAUuwSjysvMFLl8PQyN2Zoe6iOPXsPEJD PTQ7L2JRcM+WkgPGqxa/I8A4A+odK7BLSy4yVIzkrV3XD7NnQ0uiy7BbyFsPla+LGY08mwwAQhT9 Fe5Om4dWduckDP01JO8PJmdbELwkI5XmtQEsZoPbJsZ4AcjNJjX+5Uzm+CQep1BaxtU7xWisHrhh qd2JC76CJX5FMuyAnCaSqY5WHdBZ9CS0RaA5Fg==
</ds:SignatureValue>
</ds:Signature>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIC/DCCAeSgAwIBAgIGAW1jcutSMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNVBAYTAkNIMRQwEgYDVQQKEwtUcml2YWRpcyBBRzEaMBgGA1UEAxMRZnMtdGVzdC52ZXJ0dW0uY2gwHhcNMTkwOTI0MTMyNTM4WhcNMjkwOTIxMTMyNTM4WjA/MQswCQYDVQQGEwJDSDEUMBIGA1UEChMLVHJpdmFkaXMgQUcxGjAYBgNVBAMTEWZzLXRlc3QudmVydHVtLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwEI+qomPi0q8KCh6dLvmdZTbbN/R2uGaUgLZ7AgC/zYpEo1yX6FOpkZi2FK8x55B04NSWAVyF6YxPS2365Bm9aiWXdBLhs6mJJ46SjmuhTEPKWGL2lX7mPDamD5RR7FgNzj6ZM6f7S0Rl2jBoYt8eonYqbD+BcPX2F8YDlUWQfEuAdet7U+IZuE96r885QJS3Fx4CZ1/+IUk9kbKg9BZTutaz30TxGYQ5yC0GGFylMT4YbUA9SRiHeyOZdIiV0c6IzMF50d2VbBd+zcJdfF4Vi0je+G+TdvObJ0B14SVPyXwjBWRXuWsaY9BLIiHJD+DHAafcWpBb4SJWk+QfIVWQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAZBV9Hlfc3YrY/uCMelb+P8wVbnJbhONkTZsI+775FT+mk1cGZMEyUoItcwZg3eFOKWtykpujCPYoqandCvDu0Me6BLDCtUTx+KZrbwJ/xJyKVqWay53hrkcJHGzAv1ZJ5GtIcPpQCH9EYDC6GcmFSYaiJcNHB+TKtgxjyXTvDzuU1v4qsLQQVC0qlKUbyErYvdv7doqn7MnIMTYafJDZwiPh6phXZTswjN47Fkj32Ekt0zOC2oX4uEPTBxk6zCGIIcLsr3Sbns8kbHRcMWRaGUo8wryCDM99HBuwU+QArAqYGEsgZ3sEmEmICeshM/I5jkUHIj/Y+FVgdJqHo35iy
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://fs.trivadis.com/idp/SSO.saml2"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://fs.trivadis.com/idp/SSO.saml2"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="memberOf" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="userPrincipalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="SAML_NAME_FORMAT" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="administrative"/>
</md:EntityDescriptor>
i have follwed the simple steps as mention in the above link . but still i am not succeeded or actually logged into the apex via third party identity provider. Please let me know if you want to know some additional info about this setup i will share.
Your link doesn't work for me...not sure what you're trying to set up.
We have SAML2 authentication working with Apex via mod_auth_mellon for Apache (which just went out of support by the creator, but is still in most repos). Set it up to do SAML2 authentication and set an HTTP header with the username, and have Apex Authentication Scheme check the same header to pull in the username. Works well.
saml20.implementation.SAMLFeedbackException: The response from the identity provider is not valid.
Trying to configure SAML2.0 using WSO2 5.4.1 Identity Server
Here is the Metadata file from WSO2 IS.
<?xml version="1.0" encoding="UTF-8"?><EntityDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
<IDPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
validUntil="2018-02-28T06:02:51.018Z"><KeyDescriptor use="signing"><KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
<X509Certificate>
MIIDSTCCAjGgAwIBAgIEAoLQ/TANBgkqhki....WCCq4ZuXl6wVsUz1iE61suO5yWi8=
</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://localhost:9443/samlsso"
ResponseLocation="https://localhost:9443/samlsso"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
format:unspecified</NameIDFormat><SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://localhost:9443/samlsso"/><SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://localhost:9443/samlsso"/></IDPSSODescriptor>
</EntityDescriptor>
Below file is SP generated from SAML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor entityID="http://localhost:7337/"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIDNjCCAh6gAwIBAgI....7YzPhQmQo7pVpn1YLvlNk
IJyZ9RkmZyI+h6ayztkOgc+scflN/j2fdDOufg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-
Redirect" Location="http://localhost:7337/SSO/logout"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-
POST" Location="http://localhost:7337/SSO/logout"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:7337/SSO/assertion" index="1"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://localhost:7337/SSO/assertion" index="2"/>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">NNN</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">NNN</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">www.xyz.com</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="administrative">
<md:GivenName>Test</md:GivenName>
<md:SurName>K</md:SurName>
<md:EmailAddress>test.k#gmail.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
When I am running application it is redirecting me to wso2 login page. After giving username and password and on click on Login button I'm getting this error.
Finally I got it after lot of struggle and working properly.
I was missing a check box to check under SAML2 Web SSO Configuration, see the image below
everyone. I have a mystery. It may be obvious to someone, hence this.
About 10 days ago, my Service Provider app started to throw a curious error after working flawlessly for several weeks. I have a service provider running both locally and on Azure. The app uses KentorAuthServices to handle the messy XML and crypto bits. It was running smoothly and then, suddenly, it began to throw the error, "Could not create hash algorithm object." I enabled framework debugging and traced it to the very location indicated in the last line of this extract of the stack trace:
[CryptographicException: Could not create hash algorithm object.]
System.Security.Cryptography.Xml.Reference.CalculateHashValue(XmlDocument document, CanonicalXmlNodeList refList) +160912
System.Security.Cryptography.Xml.SignedXml.CheckDigestedReferences() +154
System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key) +73
Indeed, it cannot create the hash algorithm object because the algorithm represented by this URI
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
now purports to be unsupported, despite having a custom handler for it built into KentoAuthServices-and which worked as expected until this sudden turn of events. Just as a sanity check, I pointed the SP app at Kentor's own stub IdP and the app behaves as expected. As well, I validated the SAML response, which I will reproduce below, against OneLogin's SAML validation utility, which also reports that the response is valid but that the algorithm is unsupported.
Things I do know:
The Azure AD cert is current, complete, and accessible in the Trusted
Root cert store of LocalMachine, and created after the October 10
policy change for rollovers (which should be irrelevant here anyway).
The SP is not signing the request with any kind of funky, self-signed
cert; nor did it ever.
Both locally and on Azure, the app is pegged to
an SSL port.
The configuration of the app--EntityId, Issuer, metadata
location and loading, binding, request signing behavior; and so
on--has remained unchanged--except for my testing, which added a swappable IdP reference pointed to the stub provider.
Azure AD successfully processes the request and
issues a response, which is otherwise valid; however,
System.Security.Cryptography cannot create the hash for the
signature.
I feel like I'm missing something obvious, except for the fact that the app was unchanged from one day to the next; hence, I'm obliged to ask if anything in the world has changed to explain why rsa-sha256 is coming up dead. Here's the redacted SAML request and response for your perusal. Most identifying info is removed, but you already know it's from Azure AD so the cert is present and you can validate it for your edification. Thanks, and have a great day.
<saml2p:AuthnRequest
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="id1cf99748a239485692824ff1b950b5f9"
Version="2.0"
IssueInstant="2016-11-29T16:44:34Z"
Destination="https://login.windows.net:443/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/saml2"
AssertionConsumerServiceURL="https://xxxx.azurewebsites.net/AuthServices/Acs">
<saml2:Issuer>https://xxxxx.xxx/federation</saml2:Issuer>
</saml2p:AuthnRequest>
<samlp:Response
ID="_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Version="2.0"
IssueInstant="2016-11-29T16:44:36.521Z"
Destination="https://xxxxxxxx.azurewebsites.net/AuthServices/Acs"
InResponseTo="id1cf99748a239485692824ff1b950b5f9"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/
</Issuer>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion
ID="_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx"
IssueInstant="2016-11-29T16:44:36.505Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://sts.windows.net/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/</Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
URI="#_2a5aa895-bcf1-4f98-87d6-187e7d75338c">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:DigestValue>
HE62WvhO505xxxxxxxxnopQTPfL6LybGYySKUKfBxtY=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>E8bvvT1iw148RaVOtlPWWMhPMq121arxJ2lwRd3Boi5Xe3Lw+sc9TgCWsmFa4tcIq0idmYTkYVio4cBDNnzIcMqy28JeeiF53nriO3eyxRQiPeJhyy6JUFnbhWEa6DcYvIbD14izrvdQGuGzULeL8K2cc32xDnCjYZXAWvY4V+iaEJhXqc50bfplUXwTcgo2YzPckmh/+iad0jVFBBj1S7bMDp9+hOvUHgrwU/FIm8H7Y/g6rZZ2mlkEsdRP0WRQfCgI/IHLf1IqUdaGE9hZpqcecmtAiKytWIe/0z/8zzUC3Xp2f+L2XEXMH3Y7iNOyKr38X3FQ/
OChWEdYLIj3rw==
</ds:SignatureValue>
<KeyInfo
xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIC8DCCAdigAwIBAgIQNJKIhylW6qVJDAuPDpyGfDANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0xNjExMjQxNDI2NTlaFw0xNzExMjQxNDI2NTlaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMAryO4ZkQ5WE+2QOK1oe8cXa00JH4zGDjRF92Nj4s8NrPF+2zR2IwTYV3yH5kTckCYU2+i+jDr4lBRvjG+LSoN9xdUtu4pF9Ya1v6VN6ELWnTtZYSMY7Xh3ztjF7jmWFSEvANTcTLq5wSfbZuDfti6zdJ+TP6DSN6Q3cR0wqdPJbR4NlQdpmIVAIHrpur218IhRSMcodxlKdS47cU7jTb1Vqo9uzRmrz9l5aZnPgxzv2OKHafD7E/eDIUMjkfOoZbNJJIfBy1wrGUHBLdb318VVIMDtym4Xw52TuFJ1O0dWRZU4pGGh8Vo81Hz689i8cTYv0v4bUmUeCE9kHOTHbQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAuoJMRWb3hj0f7Bg8jFTRizA+3sVXI98MKRCmxDHy84LQi5VE8VOW9TXXN8cfPQ0MlFOGg5aeePWMjr4Pmwfq5Q1aZ0JsQszAIhKzIq1jGadwlkAs1VKA37oHa6aa8OrAtLYhA5xwqq5q6oE1AULuC7g697FoSO0Q8MpHl6VCxvuqXzHQ/KYXiJ6hqpHTZN8eliBwio7+xP0O23QdM0sgkO5EvdSiuB5s23e77iutJD8YvD+oOz3QVf9OeOuocK1TtQmFaiI3kkliM1sfWowHjfIOiPjNpSBmEuKiq02XCWTDzkuYCxcRdgVnhRG+/SRqv+OTJIs6vnAWrtsFIbRGt</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">xxxxxxxxx.xxxxxxxxxxxxxxx#Xxxxxxxxxxx.com
</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
InResponseTo="id1cf99748a239485692824ff1b950b5f9"
NotOnOrAfter="2016-11-29T16:49:36.505Z"
Recipient="https://xxxxxxxxxxxxxxxxxxxxxxx.azurewebsites.net/AuthServices/Acs"/>
</SubjectConfirmation>
</Subject>
<Conditions
NotBefore="2016-11-29T16:39:36.505Z"
NotOnOrAfter="2016-11-29T17:39:36.505Z">
<AudienceRestriction>
<Audience>https://xxxxxxxxxxxxxx.com/federation</Audience>
</AudienceRestriction>
</Conditions>
<AttributeStatement>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/tenantid">
<AttributeValue>ccbf68cb-7932-44bd-b015-cb686e0a4441</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
<AttributeValue>94d0114a-c4b8-4568-bf63-4b597aa65eda</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/displayname">
<AttributeValue>xxxxxxxxxxxxxxxxxxxx</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.microsoft.com/identity/claims/identityprovider">
<AttributeValue>live.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
<AttributeValue>xxxxxxxxxxxxx</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
<AttributeValue>xxxxxxxxxxxxxxxxxxxxxxx</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>xxxxxxxxxxxxxxxxxxxxx#Xxxxxxxxxxxxxxxxxx.com</AttributeValue>
</Attribute>
<Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
<AttributeValue>xxxxxxxxxxxxxxxx.xxxxxxxxxxxx#xxxxxxxxxxxxxxxxxxxx.com</AttributeValue>
</Attribute>
</AttributeStatement>
<AuthnStatement
AuthnInstant="2016-11-27T02:37:17.000Z"
SessionIndex="_xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>