SAML 2.0 Request to AD FS

I am submitting a SAMLRequest from an HTML form to ADFS. Upon sending the request, I got a form that asks for Username and Password. When I give valid Username and Password and submit the form, it prompts me with the following error:
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and
provide the reference number to identify the problem.
**Reference number**: 5881826a-80a1-4e00-8baa-c477c2348ef1
Here is the SAMLRequest:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
AssertionConsumerServiceURL="http://www.someurl.com"
ForceAuthn="false" IsPassive="false"
IssueInstant="2015-04-09T11:17:43.273Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sts.abc.com/adfs</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml samlp" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>eOh4k4OqoVnNCoCMpKTgqILoLGw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
IvxweY9qkKKy5FrhHn08S2Q0KFeBR26t7N5/nbUXJEyVRpK8UopEnYT361pq5udgTaw3OMpoTIGg
bNLzSVYu91q12XOPTXyyx2UP6yfDq3lgD+5w71t6ziNTXgQuFhr8a2G97p83xOLF5f3l8MrGSjpL
Y7tVBKESAGw+klqVjotM1p5QvB51YVhNkvAy5Fw2jvZVTmjahRg/4wjDplbU1rdHiZ4mumyh5NZT
BwNCx/003ba7jaKEjTze0UG1wb4qtI63P1/7hqWVLGHrArG46Q2qPpiwBNCOpxOlgXOeU/mfOjQG
hMcDv5+3AllzdlrPoQE90WItScPG4yzu8eiYSQ==
</ds:SignatureValue>
</ds:Signature>
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Here is the stack trace I got from the ADFS event log:
Log Name: AD FS 2.0/Admin
Source: AD FS 2.0
Date: 4/7/2015 10:36:41 AM
Event ID: 364
Task Category: None
Level: Error
Keywords: AD FS
User: LTI\sa-adfs
Computer: SOMESERVER.ADMIN.LES.LOCAL
Description:
Encountered error during federation passive request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: The creator of this fault did not specify a Reason.
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest(MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
System.ServiceModel.FaultException: The creator of this fault did not specify a Reason.
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest(MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="AD FS 2.0" Guid="{20E25DDB-09E5-404B-8A56-EDAE2F12EE81}" />
<EventID>364</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000001</Keywords>
<TimeCreated SystemTime="2015-04-07T14:36:41.375618200Z" />
<EventRecordID>7999</EventRecordID>
<Correlation ActivityID="{4501AAAF-E56D-4553-A6C9-27AC5190A0EA}" />
<Execution ProcessID="4956" ThreadID="2756" />
<Channel>AD FS 2.0/Admin</Channel>
<Computer>250ADFS1.ADMIN.LES.LOCAL</Computer>
<Security UserID="S-1-5-21-2101114347-22087826-926709054-84784" />
</System>
<UserData>
<Event xmlns:auto-ns2="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://schemas.microsoft.com/ActiveDirectoryFederationServices/2.0/Events">
<EventData>
<Data>Microsoft.IdentityServer.Web.RequestFailedException: MSIS7012: An error occurred while processing the request. Contact your administrator for details. ---> System.ServiceModel.FaultException: The creator of this fault did not specify a Reason.
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest(MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
System.ServiceModel.FaultException: The creator of this fault did not specify a Reason.
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClientManager.ProcessRequest(Message request)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest(MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.ProcessRequest[T](MSISSamlRequest samlRequest)
at Microsoft.IdentityServer.Protocols.Saml.Contract.MSISSamlProtocolContractClient.CreateErrorMessage(HttpSamlMessage httpSamlMessage, SamlStatus status)
at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.SendSamlError(SamlStatus status)
</Data>
</EventData>
</Event>
</UserData>
</Event>
Is this error due to something missing in the SAMLRequest, or is it an ADFS-side issue? How do I track this down, and what are the possible reasons for this error?

One possible reason is that the request is asking for a transient NameID. Check whether the relying party trust for that SP has a NameID claim rule that issues a correct one, as described in http://blog.auth360.net/2012/09/02/adfs-as-an-identity-provider-and-saml-2-0-saas-application-integration/
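An added check, not part of the question or the answer above, that a relying party can run over its AuthnRequest before posting it to AD FS. SAML 2.0 makes ID, Version and IssueInstant mandatory on every request, the saml:Issuer must carry the SP's own entityID (the identifier of the relying party trust in AD FS) rather than the IdP's address, and the NameIDPolicy Format is the format the trust's NameID claim rule has to issue. The Python below is constructed for this page; the sample requests, entity IDs and URLs in it are assumptions modelled on the request in the question.

```python
"""Structural lint for a SAML 2.0 AuthnRequest before it is sent to AD FS.
Added example, not code from the original question or from AD FS itself."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# RequestAbstractType makes these three attributes mandatory
REQUIRED_ATTRS = ("ID", "Version", "IssueInstant")


def lint_authn_request(xml_text, sp_entity_id):
    """Return {"errors": [...], "nameid_format": str or None}.

    sp_entity_id is the identifier of the relying party trust configured in
    AD FS; the request's saml:Issuer must carry exactly that value.
    """
    root = ET.fromstring(xml_text)
    errors = []
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        return {"errors": ["root element is %s, not samlp:AuthnRequest" % root.tag],
                "nameid_format": None}
    for attr in REQUIRED_ATTRS:
        if not root.get(attr):
            errors.append("missing required attribute %s" % attr)
    if root.get("Version") not in (None, "2.0"):
        errors.append("Version must be 2.0, got %r" % root.get("Version"))
    issuer = root.find("{%s}Issuer" % SAML)
    issuer_text = (issuer.text or "").strip() if issuer is not None else ""
    if not issuer_text:
        errors.append("missing saml:Issuer")
    elif issuer_text != sp_entity_id:
        # A request whose Issuer is the IdP's own address cannot be matched
        # to any relying party trust on the AD FS side.
        errors.append("Issuer %r is not the SP entityID %r" % (issuer_text, sp_entity_id))
    policy = root.find("{%s}NameIDPolicy" % SAMLP)
    nameid_format = policy.get("Format") if policy is not None else None
    return {"errors": errors, "nameid_format": nameid_format}


# Constructed sample shaped like the request in the question: no ID attribute,
# and the Issuer is the IdP's address instead of the SP's entityID.
BAD_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    AssertionConsumerServiceURL="https://sp.example.test/acs"
    IssueInstant="2015-04-09T11:17:43.273Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <saml:Issuer>https://sts.example.test/adfs</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>"""

# Constructed sample with the mandatory attributes and the SP as Issuer.
GOOD_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-request-1"
    AssertionConsumerServiceURL="https://sp.example.test/acs"
    IssueInstant="2015-04-09T11:17:43.273Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <saml:Issuer>https://sp.example.test</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>"""


if __name__ == "__main__":
    for name, req in (("bad", BAD_REQUEST), ("good", GOOD_REQUEST)):
        result = lint_authn_request(req, "https://sp.example.test")
        print(name, result["nameid_format"], result["errors"])
```

The `nameid_format` the lint reports is what to compare against the relying party trust's NameID claim rule: if the request asks for transient and the rule issues nothing (or a different format), AD FS fails the request exactly as the answer describes.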

ADFS 2.0 SAMLRequest doesn't accept the request

Here is my service provider metadata
<?xml version="1.0"?>
<md:EntityDescriptor entityID="https://localhost:5200" validUntil="2022-08-30T19:10:29Z"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!-- insert ds:Signature element (omitted) -->
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIID2TCCAsGgAwIBAgIUIAXntTTcs4IGVz8v8KpHAz46QfMwDQYJKoZIhvcNAQEL....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:5200/map"/>
<md:AttributeConsumingService index="0">
<md:ServiceName xml:lang="en">Example.com Employee Portal</md:ServiceName>
<md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
<md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Localtest.com Inc.</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Localtest.com</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">https://localhos:5200/</md:OrganizationURL>
</md:Organization>
</md:EntityDescriptor>
Here is my service-provider-initiated request
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="id-16f33a7e-4381-4d40-9fdd-1949dd679e86" Version="2.0" IssueInstant="2021-09-09T07:58:45Z" Destination="https://saml.mlads.mindlogic.app/adfs/ls/" Consent="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:5200</Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
<samlp:RequestedAuthnContext>
<samlp:AuthnContextClassRef xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</samlp:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
I deflated and base64-encoded it, but my ADFS server throws an error.
Deflated data:
nZJtS8MwEMe/Ssj7NunWPTR0g7EhDFTGFF/4LiSpC+Sh5lKc39600zGQDRECgf/l/ve7u9TArWnZqosHt1fvnYKIjtY4YENggbvgmOeggTluFbAo2NPq4Z6Ncsra4KMX3mC03SywllkxbcZjPlNZOZ4XWSlLmlWNTHpVVlJOZ5WaTzF6UQG0dwucPFIqQKe2DiJ3MUl0VGS0SueZzthkzsrJK8Jok7i043FIO8TYAiOkJ8yt4RJyq500/k2LnLct4bIBYoBgtPYOVO97rY0iLwYlwTc+WB6ZslyblZRBAeAlqge+cBrK7XFwABV6RLz8QTRecHPwENlkRGlNTmbJ9TT2x+Sx3ey80eIT3Q31/41Kzq7fe1Ry2GoaQVTHeI5eimuTmPeq+fvKL3q8+Uww0XsneZeuDx9kTa7XT3DkNjv5/U+XXw==
Error details: Found invalid data while decoding.
Note: I am triggering the URL from the browser:
https://saml.mlads.mindlogic.app/adfs/ls?SAMLRequest=nZJtS8MwEMe/Ssj7NunWPTR0g7EhDFTGFF/4LiSpC+Sh5lKc39600zGQDRECgf/l/ve7u9TArWnZqosHt1fvnYKIjtY4YENggbvgmOeggTluFbAo2NPq4Z6Ncsra4KMX3mC03SywllkxbcZjPlNZOZ4XWSlLmlWNTHpVVlJOZ5WaTzF6UQG0dwucPFIqQKe2DiJ3MUl0VGS0SueZzthkzsrJK8Jok7i043FIO8TYAiOkJ8yt4RJyq500/k2LnLct4bIBYoBgtPYOVO97rY0iLwYlwTc+WB6ZslyblZRBAeAlqge+cBrK7XFwABV6RLz8QTRecHPwENlkRGlNTmbJ9TT2x+Sx3ey80eIT3Q31/41Kzq7fe1Ry2GoaQVTHeI5eimuTmPeq+fvKL3q8+Uww0XsneZeuDx9kTa7XT3DkNjv5/U+XXw==
ADFS error log:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Relying Party:
Exception details:
System.IO.InvalidDataException: Found invalid data while decoding.
at System.IO.Compression.Inflater.DecodeDynamicBlockHeader()
at System.IO.Compression.Inflater.Decode()
at System.IO.Compression.Inflater.Inflate(Byte[] bytes, Int32 offset, Int32 length)
at System.IO.Compression.DeflateStream.Read(Byte[] array, Int32 offset, Int32 count)
at Microsoft.IdentityModel.Web.DeflateCookieTransform.Decode(Byte[] encoded)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.DecodeMessageInternal(String message)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
I forgot to URL-encode it. After I URL-encode it, it works, so the request should be urlencode(base64encode(deflate)).
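The three-step encoding the answer arrives at, as an added Python example that is not code from the original post. It implements the SAML 2.0 HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encoding of the query parameter; the decoder shows what the IdP does in reverse and why skipping the last step produces a decoding error (a '+' in the base64 text becomes a space when the query string is parsed). The request XML, URLs and RelayState value are constructed for the demonstration, and the HTTP-POST helper is included only for contrast with the form-based flow in the first question.

```python
"""SAML 2.0 HTTP-Redirect binding: building and reading the SAMLRequest
query parameter. Added example, not code from the original post."""
import base64
import binascii
import zlib
from urllib.parse import urlencode, parse_qs, urlsplit


def deflate_b64(xml_text):
    """Steps 1 and 2: raw DEFLATE (wbits=-15, no zlib header/checksum), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def build_redirect_url(sso_url, xml_text, relay_state=None):
    """Step 3: urlencode() so '+', '/' and '=' in the base64 survive the trip.

    Pasting the raw base64 into the URL skips this step; the receiving side
    then turns every '+' into a space and the inflater sees corrupt input.
    """
    params = {"SAMLRequest": deflate_b64(xml_text)}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return "%s?%s" % (sso_url, urlencode(params))


def redirect_query(xml_text, relay_state=None):
    """Just the query string part of the redirect URL (constructed IdP URL)."""
    return urlsplit(build_redirect_url("https://idp.example.test/adfs/ls/",
                                       xml_text, relay_state)).query


def decode_from_query(query_string):
    """What the IdP does: percent-decode the query, base64-decode, inflate.

    Raises binascii.Error or zlib.error on corrupt input, the counterpart of
    ADFS's 'Found invalid data while decoding'.
    """
    value = parse_qs(query_string)["SAMLRequest"][0]
    raw = base64.b64decode(value, validate=True)
    return zlib.decompress(raw, -15).decode("utf-8")


def decodes_cleanly(query_string):
    """True if the query string carries a well-formed redirect-binding request."""
    try:
        decode_from_query(query_string)
        return True
    except (binascii.Error, zlib.error, KeyError, ValueError):
        return False


def post_b64(xml_text):
    """For contrast: the HTTP-POST binding base64-encodes the XML as-is
    (no DEFLATE) and carries it in a form field, not the URL."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


# Constructed request, not the one from the post
SAMPLE_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed-1" Version="2.0" IssueInstant="2021-09-09T07:58:45Z" '
    'Destination="https://idp.example.test/adfs/ls/">'
    '<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example.test</Issuer>'
    '</samlp:AuthnRequest>'
)


def roundtrip(xml_text=SAMPLE_REQUEST):
    """Encode with the full three steps and decode again; returns the XML."""
    return decode_from_query(redirect_query(xml_text, "state-1"))


if __name__ == "__main__":
    print(roundtrip() == SAMPLE_REQUEST)
    # A base64 blob pasted straight into the URL: '+' becomes ' ' on parse
    print(decodes_cleanly("SAMLRequest=AB+C"))
```

The negative check uses a deliberately short base64 fragment containing '+': after `parse_qs` it reads `AB C`, and `b64decode(..., validate=True)` rejects the space before any inflating happens, which is the same class of failure the stack trace above reports from `DeflateCookieTransform.Decode`.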

xmlsec1 saml signing: failed to find default node with name="Signature"

I am having a bit of trouble signing the following saml message:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp/sso/assert" ID="id-qOKj7lEjHF9LLlTjt" InResponseTo="_cd59dfa2245177f214bfc5252c873e702ad29640c3" IssueInstant="2018-07-06T07:34:48Z" Version="2.0">
<saml2:Issuer>http://myidp/sso</saml2:Issuer>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_50247aab9621ee91aaca836e20de20dc">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue/>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIC8jCCAlugAwIBAgIJAJHg2V5J31I8MA.....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-RytehFWT2t5Bem6UH" IssueInstant="2018-07-06T07:34:48Z" Version="2.0">
<saml2:Issuer>http://myidp/sso</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">test#test.com</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_cd59dfa2245177f214bfc5252c873e702ad29640c3" NotOnOrAfter="2018-07-06T07:34:48Z" Recipient="https://sp/assert"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2018-07-06T07:34:48Z" NotOnOrAfter="2018-07-08T08:52:24.242Z">
<saml2:AudienceRestriction>
<saml2:Audience>test_audience</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2018-07-06T07:34:48Z" SessionIndex="_72c6639cdbf65c0b2eed63847990b13a">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
Whenever I launch the command to sign using xmlsec1, I get the following message:
Error: failed to find default node with name="Signature"
Error: failed to load template "/tmp/test.xml"
Error: failed to sign file "/tmp/test.xml"
As you can see in my SAML message, I already have a Signature tag, and I checked that my XML is valid, so I am a bit stuck right now. Can anyone locate my problem?
It turns out I was missing the signature node in the Assertion part of the message; you need to have both if you want to sign the message AND the assertion.
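An added Python example, not code from the original post, of the check the answer implies: xmlsec1 signs a template, so every element you intend to sign (here the Response and the Assertion) needs its own enveloped ds:Signature placeholder whose ds:Reference URI names that element's ID attribute. The lint reports each signable element that lacks a template or whose Reference points elsewhere, and the repair function inserts an empty template directly after the Issuer, the position the SAML schema requires. The sample Response, its IDs and URLs are constructed with the same shape as the one in the question.

```python
"""Lint, and repair, the enveloped ds:Signature templates that xmlsec1
expects in a SAML 2.0 Response. Added example, not code from the post."""
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


# Elements the IdP signs; each needs its own enveloped Signature template
SIGNED = (q("saml2p", "Response"), q("saml2", "Assertion"))


def lint_signature_templates(xml_text):
    """Return a list of problems; empty means every signable element carries a
    Signature template whose Reference URI points at its own ID."""
    root = ET.fromstring(xml_text)
    problems = []
    for elem in root.iter():
        if elem.tag not in SIGNED:
            continue
        local = elem.tag.split("}")[1]
        elem_id = elem.get("ID")
        if not elem_id:
            problems.append("%s has no ID attribute" % local)
            continue
        sig = elem.find(q("ds", "Signature"))  # direct child only (enveloped)
        if sig is None:
            problems.append("%s %s has no ds:Signature template" % (local, elem_id))
            continue
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        uri = ref.get("URI") if ref is not None else None
        if uri != "#" + elem_id:
            problems.append("%s %s: Reference URI %r does not point at its own ID"
                            % (local, elem_id, uri))
    return problems


def signature_template(ref_id):
    """Empty ds:Signature template; xmlsec1 fills DigestValue and SignatureValue."""
    sig = ET.Element(q("ds", "Signature"))
    info = ET.SubElement(sig, q("ds", "SignedInfo"))
    ET.SubElement(info, q("ds", "CanonicalizationMethod"),
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(info, q("ds", "SignatureMethod"),
                  Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    ref = ET.SubElement(info, q("ds", "Reference"), URI="#" + ref_id)
    transforms = ET.SubElement(ref, q("ds", "Transforms"))
    ET.SubElement(transforms, q("ds", "Transform"),
                  Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature")
    ET.SubElement(transforms, q("ds", "Transform"),
                  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#")
    ET.SubElement(ref, q("ds", "DigestMethod"),
                  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, q("ds", "DigestValue"))
    ET.SubElement(sig, q("ds", "SignatureValue"))
    return sig


def ensure_signature_templates(xml_text):
    """Insert a template into every signable element that lacks one, right
    after its Issuer (schema order: Issuer, Signature, ...)."""
    root = ET.fromstring(xml_text)
    targets = [e for e in root.iter()
               if e.tag in SIGNED and e.get("ID") and e.find(q("ds", "Signature")) is None]
    for elem in targets:
        pos = 0
        for i, child in enumerate(list(elem)):
            if child.tag == q("saml2", "Issuer"):
                pos = i + 1
                break
        elem.insert(pos, signature_template(elem.get("ID")))
    return ET.tostring(root, encoding="unicode")


# Constructed sample: the Response has an (abbreviated) template, the
# Assertion has none, which is the situation the answer describes.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="id-resp-1" Version="2.0" IssueInstant="2018-07-06T07:34:48Z">
  <saml2:Issuer>http://idp.example.test/sso</saml2:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-resp-1"/></ds:SignedInfo></ds:Signature>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
  <saml2:Assertion ID="id-assert-1" Version="2.0" IssueInstant="2018-07-06T07:34:48Z">
    <saml2:Issuer>http://idp.example.test/sso</saml2:Issuer>
    <saml2:Subject><saml2:NameID>user@example.test</saml2:NameID></saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""

if __name__ == "__main__":
    print(lint_signature_templates(SAMPLE_RESPONSE))
    print(lint_signature_templates(ensure_signature_templates(SAMPLE_RESPONSE)))
```

Run the lint before invoking xmlsec1: a Reference URI that matches no ID attribute in the document is flagged the same way as a missing template, since either leaves xmlsec1 with no node to fill in.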

The response from the identity provider is not valid

saml20.implementation.SAMLFeedbackException: The response from the identity provider is not valid.
Trying to configure SAML 2.0 using WSO2 Identity Server 5.4.1.
Here is the Metadata file from WSO2 IS.
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="localhost">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" validUntil="2018-02-28T06:02:51.018Z">
<KeyDescriptor use="signing">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIDSTCCAjGgAwIBAgIEAoLQ/TANBgkqhki....WCCq4ZuXl6wVsUz1iE61suO5yWi8=</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso" ResponseLocation="https://localhost:9443/samlsso"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:9443/samlsso"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:9443/samlsso"/>
</IDPSSODescriptor>
</EntityDescriptor>
Below is the SP metadata file generated from SAML:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor entityID="http://localhost:7337/"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIDNjCCAh6gAwIBAgI....7YzPhQmQo7pVpn1YLvlNk
IJyZ9RkmZyI+h6ayztkOgc+scflN/j2fdDOufg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:7337/SSO/logout"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:7337/SSO/logout"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:7337/SSO/assertion" index="1"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="http://localhost:7337/SSO/assertion" index="2"/>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">NNN</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">NNN</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">www.xyz.com</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="administrative">
<md:GivenName>Test</md:GivenName>
<md:SurName>K</md:SurName>
<md:EmailAddress>test.k#gmail.com</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
When I run the application it redirects me to the WSO2 login page. After entering the username and password and clicking the Login button, I get this error.
Finally I got it after a lot of struggle, and it is working properly.
I was missing a check box to tick under SAML2 Web SSO Configuration; see the image below.

Mule:java.util.concurrent.TimeoutException: Timeout exceeded

I am persistently getting the following error when my API tries to connect to the database:
Message : Error sending HTTP request. Message payload is of type: String
Type : org.mule.api.MessagingException
Code : MULE_ERROR--2
JavaDoc : http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html
Exception stack is:
1. Timeout exceeded (java.util.concurrent.TimeoutException)
com.ning.http.client.providers.grizzly.GrizzlyAsyncHttpProvider:426 (null)
2. Error sending HTTP request. Message payload is of type: String (org.mule.api.MessagingException)
org.mule.module.http.internal.request.DefaultHttpRequester:287 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html)
Root Exception stack trace:
java.util.concurrent.TimeoutException: Timeout exceeded
at com.ning.http.client.providers.grizzly.GrizzlyAsyncHttpProvider.timeout(GrizzlyAsyncHttpProvider.java:426)
at com.ning.http.client.providers.grizzly.GrizzlyAsyncHttpProvider$3.onTimeout(GrizzlyAsyncHttpProvider.java:274)
at org.glassfish.grizzly.utils.IdleTimeoutFilter$DefaultWorker.doWork(IdleTimeoutFilter.java:398)
at org.glassfish.grizzly.utils.IdleTimeoutFilter$DefaultWorker.doWork(IdleTimeoutFilter.java:377)
at org.glassfish.grizzly.utils.DelayedExecutor$DelayedRunnable.run(DelayedExecutor.java:158)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
My API is trying to connect to a database as follows:
<flow name="system-api-config" >
<set-property propertyName="Content-Type" value="application/json" doc:name="Set Content Type"/>
<json:json-to-object-transformer returnClass="java.lang.Object" doc:name="JSON to Object"/>
<!-- <set-variable variableName="agreementLinePayload" value="#[new java.util.ArrayList()]" doc:name="Set Entries"/> -->
<set-variable variableName="agPayload" value="#[new java.util.HashMap()]" doc:name="Set Entries"/>
<set-variable variableName="agLnID" value="#[payload.agLnID]"/>
<set-variable variableName="exe" value="#[payload.exe]"/>
<logger message="Extended Price :#[flowVars.extendedPrice]" level="INFO" doc:name="Logger"/>
<expression-component doc:name="Expression"><![CDATA[
flowVars.agreementLinePayload.add(payload.agLnID);
flowVars.agreementLinePayload.add(payload.exe);
]]>
</expression-component>
<db:bulk-execute config-ref="Oracle_Configuration" doc:name="Database"><![CDATA[INSERT INTO HDR(ID,
someNUMBER,
START_DATE,
END_DATE,
O_NUMBER)
VALUES (SEQ.NEXTVAL,
NUM_SEQ.NEXTVAL,
TO_DATE('2017-02-17','YYYY-MM-DD HH24:MI:SS'),
TO_DATE('2018-02-17','YYYY-MM-DD HH24:MI:SS'),
#[payload.myField])]]>
</db:bulk-execute>
….
I have tried toggling the connection timeout and the HTTP Request timeout, but to no avail. It always gives this timeout exception when I make the database call; please give ideas.
Have you tried executing the SQL query in the database? It could be that the query takes a long time to process.

MUnit test fails - Cannot process event as "getCSVAccountsFlow" is stopped MULE_ERROR-166

I created a flow that has an input of a CSV file, then uses DataWeave to transform it to JSON and then loops through each record and logs the payload. Simple, and it works fine.
I then created the following MUnit using the getResources method of the Mock component; however, when I run the MUnit test, I get the following error:
ERROR:
ERROR 2015-12-06 15:25:48,613 [main] org.mule.exception.DefaultMessagingExceptionStrategy:
********************************************************************************
Message : Cannot process event as "getCSVAccountsFlow" is stopped
Code : MULE_ERROR-166
--------------------------------------------------------------------------------
Exception stack is:
1. Cannot process event as "getCSVAccountsFlow" is stopped (org.mule.api.lifecycle.LifecycleException)
org.mule.construct.AbstractPipeline$ProcessIfPipelineStartedMessageProcessor:440 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/lifecycle/LifecycleException.html)
--------------------------------------------------------------------------------
Root Exception stack trace:
org.mule.api.lifecycle.LifecycleException: Cannot process event as "getCSVAccountsFlow" is stopped
at org.mule.construct.AbstractPipeline$ProcessIfPipelineStartedMessageProcessor.handleUnaccepted(AbstractPipeline.java:440)
at org.mule.processor.AbstractFilteringMessageProcessor.process(AbstractFilteringMessageProcessor.java:45)
at org.mule.execution.ExceptionToMessagingExceptionExecutionInterceptor.execute(ExceptionToMessagingExceptionExecutionInterceptor.java:24)
+ 3 more (set debug level logging or '-Dmule.verbose.exceptions=true' for everything)
********************************************************************************
MUnit Test:
<mule xmlns:mock="http://www.mulesoft.org/schema/mule/mock" xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:munit="http://www.mulesoft.org/schema/mule/munit" xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:core="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/mock
http://www.mulesoft.org/schema/mule/mock/current/mule-mock.xsd
http://www.mulesoft.org/schema/mule/munit
http://www.mulesoft.org/schema/mule/munit/current/mule-munit.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core
http://www.mulesoft.org/schema/mule/core/current/mule.xsd">
<munit:config name="munit" doc:name="MUnit configuration" />
<spring:beans>
<spring:import resource="classpath:accounts.xml" />
</spring:beans>
<munit:test name="accounts-getCSVAccountsFlowTest"
description="Test">
<mock:when messageProcessor="File" doc:name="File Input"
doc:description="Mocks the File processor that accepts a csv file">
<mock:then-return
payload="#[getResource('input/accounts.csv').asByteArray()]" />
</mock:when>
<flow-ref name="getCSVAccountsFlow" doc:name="Flow-ref to getCSVAccountsFlow" />
<munit:assert-not-null doc:name="Assert Not Null Payload" />
</munit:test>
</mule>
FLOW:
<flow name="getCSVAccountsFlow" initialState="stopped">
<file:inbound-endpoint path="src/main/resources/input"
moveToDirectory="src/main/resources/output" responseTimeout="10000"
doc:name="File">
<file:filename-regex-filter pattern=".*csv"
caseSensitive="false" />
</file:inbound-endpoint>
<dw:transform-message metadata:id="6b5dfac1-0410-40c4-b920-d7fdcd60333c" doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/java
---
payload map ((value , index) -> {
Name: value.Name,
BillingStreet: value.BillingStreet,
BillingCity: value.BillingCity,
BillingState: value.BillingState,
BillingPostalCode: value.BillingPostalCode,
BillingCountry: value.BillingCountry
})]]></dw:set-payload>
</dw:transform-message>
<foreach doc:name="For Each">
<logger message="#[payload]" level="DEBUG" doc:name="Logger" />
</foreach>
<logger message="#[payload]" level="DEBUG" doc:name="Logger" />
</flow>
The MUnit test fails because the flow's initial state is stopped:
<flow name="getCSVAccountsFlow" initialState="stopped">
Set it to empty by:
Select your flow and open its properties
In the Flow Configuration section, set Initial State to -- Empty --
Re-run the MUnit test