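I am implementing Salesforce login for a custom domain, where I have an SSO provider that returns SAML, and my mobile app uses the Salesforce REST API, which consumes OAuth tokens. For the conversion we use SAML-Assertion. We let the user log in to SSO (Okta) in a webview, which redirects the user to Salesforce, returning the SAML response in the browser. We send this SAML response to "https://login.salesforce.com/services/oauth2/token" to get an access token, which returns the error:
{
"error": "invalid_grant",
"error_uri": "https://na34.salesforce.com/setup/secur/SAMLValidationPage.apexp",
"error_description": "invalid assertion"
}
My code for hitting the Salesforce request is:
final HttpClient httpclient = new DefaultHttpClient();
final HttpPost post = new HttpPost("https://login.salesforce.com/services/oauth2/token");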
post.setHeader("Content-Type", "application/x-www-form-urlencoded");
String samlResponse = "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";
samlResponse = base64URLencode(samlResponse);
//samlResponse = new String(Base64.decode(samlResponse));
//samlResponse= URLEncoder.encode(samlResponse);
//String assertion_type = URLEncoder.encode("urn:ietf:params:oauth:grant-type:saml2-bearer");
String assertion_type= URLEncoder.encode("urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser") ;
String RequestBody
= "grant_type=assertion&"
+ "assertion_type=" + assertion_type
+ "&assertion=" + samlResponse
+ "&format=json&client_id=3MVG9Y6d_Btp4xp5mgy7hBfhCbLJvklGIyWd8HTugZxdapc3XwF_5KjfVVlmRHrjudskiG6ynkj9u4Qyha7oQ";
post.setEntity(new StringEntity(RequestBody));
HttpResponse response = httpclient.execute(post);
System.out.println(" execute of API " + EntityUtils.toString(response.getEntity()));
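
The error response in the question points to Salesforce's SAML validation page. As a local complement, this added example (not part of the original post) decodes a base64 SAMLResponse value and lists the addressee, audience, validity-window and signature fields a relying party validates. `SamlResponseInspector`, `inspect`, `first` and the embedded sample are constructed for illustration; it assumes a Java 8+ JDK and standard base64 as delivered by the browser POST.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SamlResponseInspector { // hypothetical helper, not from the post
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // Decode a base64 SAMLResponse value and list the addressee, audience,
    // validity-window and signature fields a relying party validates.
    static Map<String, String> inspect(String base64Response) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response is untrusted input: refuse DTDs so XXE is not possible.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        byte[] xml = Base64.getMimeDecoder().decode(base64Response);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        Element root = doc.getDocumentElement();
        Map<String, String> out = new LinkedHashMap<>();
        out.put("root", root.getLocalName());
        out.put("Destination", root.getAttribute("Destination"));
        out.put("Recipient", first(doc, "SubjectConfirmationData", "Recipient"));
        out.put("NotOnOrAfter", first(doc, "SubjectConfirmationData", "NotOnOrAfter"));
        out.put("NotBefore", first(doc, "Conditions", "NotBefore"));
        out.put("Audience", first(doc, "Audience", null));
        out.put("signatures", "" + doc.getElementsByTagNameNS(DSIG, "Signature").getLength());
        return out;
    }
    // First SAML element with this local name: an attribute, or its text if attr is null.
    static String first(Document doc, String name, String attr) {
        NodeList n = doc.getElementsByTagNameNS(SAML, name);
        if (n.getLength() == 0) return "(absent)";
        Element e = (Element) n.item(0);
        return attr == null ? e.getTextContent().trim() : e.getAttribute(attr);
    }
    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample; sp.example.com is a placeholder.
        String xml = "<p:Response xmlns:p='urn:oasis:names:tc:SAML:2.0:protocol' xmlns:a='" + SAML
            + "' Destination='https://sp.example.com/acs'><a:Assertion><a:Subject><a:SubjectConfirmation>"
            + "<a:SubjectConfirmationData Recipient='https://sp.example.com/acs'"
            + " NotOnOrAfter='2030-01-01T00:05:00Z'/></a:SubjectConfirmation></a:Subject>"
            + "<a:Conditions NotBefore='2030-01-01T00:00:00Z'><a:AudienceRestriction>"
            + "<a:Audience>https://sp.example.com</a:Audience></a:AudienceRestriction>"
            + "</a:Conditions></a:Assertion></p:Response>";
        String b64 = Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
        inspect(b64).forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

Comparing the printed Recipient, Audience and time window against the endpoint the response is posted to shows whether the assertion was issued for that endpoint at all.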