How to configure SAML in Open edX

Time: 2019-07-17 13:24:47

Tags: openedx

While configuring Open edX with SAML we got somewhat stuck; we keep running into the following error.

An error occurred while signing you in to Open edX. We are sorry, you are not authorized to access Open edX via this channel. Please contact your learning administrator or manager for access to Open edX.

Error details: Authentication failed: SAML login failed: ['invalid_response'] (Signature validation failed. SAML Response rejected)

My Response XML -

<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
Destination="//mydomain.com/auth/complete/tpa-saml/" ID="_ceda2f09c9eb1328149635a250ae873c" InResponseTo="ONELOGIN_064e212820509b50cec4997debfe864773a05884" IssueInstant="2019-07-17T07:18:48.742Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_ceda2f09c9eb1328149635a250ae873c"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>JtwMHrXEGMjCSUTBmyAmytO9skLcvfyCq+Y9+tPawfs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>hPaxbR20MMr53MjnI9tJqHn+rNrJ2SlvlvrQWwSuCYMkcYtM5YNsAeJRGLN7VEW483vM6X/LSPZaEixusOh7hpUxljE1Wu48mWP4tKRVxhZw5lMtRrxnWri9mUWoyS0Rj1VCTXGIz5O6CkuSts/yxUp7iVlOf7e/5EXwZXGQGfBZUTJwCOihhWDIRH8LbuO0pv5FefB5z2JcHuzeCZe9Q0u6cY8jPNrGXqshOWlLED2Yz0TBWBiakQHDoZ9Y6Hz3mlVzKN5imvmk8MPC1aZJL0AhuAh5LfdAvlfAQvWxOKRAvafTJ8v7KifiYMMrgBfnutZZquolygO6Pn6dN+/eKA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
<ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_6856f81359f23314ed2bfd9777bdf5d1" IssueInstant="2019-07-17T07:18:48.742Z" Version="2.0">
<saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
<saml2:Subject>
<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://samltest.id/saml/idp" SPNameQualifier="mydomain.com">AAdzZWNyZXQxAb0UkAJB167sZrw/SL0Imbiss8O+L+GuFqIN+qVlKEA7sVTVfo0Bi7Clxr5/shg30DCKbehpGM5j11NNGpJxNprTL0Glf4Xa5OoMWSEQDUcLasnqT3C/OTbSVJ7U8eTlM3p0</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="172.31.23.69" InResponseTo="ONELOGIN_064e212820509b50cec4997debfe864773a05884" NotOnOrAfter="2019-07-17T07:23:48.746Z" Recipient="ain.com/auth/complete/tpa-saml/"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2019-07-17T07:18:48.742Z" NotOnOrAfter="2019-07-17T07:23:48.742Z">
<saml2:AudienceRestriction>
<saml2:Audience>mydomain.com</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2019-07-17T07:14:46.341Z" SessionIndex="_8da12e95dc83a0e51c15f72aae0fceea">
<saml2:SubjectLocality Address="172.31.23.69"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>morty</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="telephoneNumber" Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="role" Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Smith</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>Mortimer</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion></saml2p:Response>

And the error log -

Jul 17 03:18:49 ubuntu [service_variant=lms] [social] [env:sandbox] ERROR [ubuntu 58740] [middleware.py:36] - Authentication failed: SAML login failed: ['invalid_response'] (Signature validation failed. SAML Response rejected)

Please see if you can help.
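The error means the SP could not verify the IdP's signature on the Response. The helper below is added here (it is not the poster's code and not part of Open edX) and runs the checks a practitioner would do on a captured Response before touching the SP configuration: that the Response carries a ds:Signature, that the signature's Reference points at the Response's own ID, and that the SHA-256 fingerprint of the embedded signing certificate equals the IdP certificate the SP has configured. The parameter name configured_idp_cert, the sample Response and both "certificates" are constructed placeholders, not data from the post.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def cert_fingerprint(cert_text: str) -> str:
    """SHA-256 fingerprint of a cert given as bare base64 or PEM; armour and
    whitespace are stripped so a multi-line paste compares equal to a one-liner."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    digest = hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def triage_response(response_xml: str, configured_idp_cert: str) -> dict:
    """Check what must line up before the signature can verify: a ds:Signature on
    the Response, a Reference URI pointing at the Response's own ID, and an
    embedded signing cert whose fingerprint equals the IdP cert the SP has configured."""
    root = ET.fromstring(response_xml)
    findings = {"response_signed": False, "reference_matches_response_id": False,
                "cert_matches_config": False}
    sig = root.find(DS + "Signature")
    if sig is None:
        return findings
    findings["response_signed"] = True
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    ref_uri = ref.get("URI", "") if ref is not None else ""
    findings["reference_matches_response_id"] = ref_uri == "#" + root.get("ID", "")
    cert = sig.find(f"{DS}KeyInfo/{DS}X509Data/{DS}X509Certificate")
    if cert is not None and cert.text:
        findings["embedded_fingerprint"] = cert_fingerprint(cert.text)
        findings["configured_fingerprint"] = cert_fingerprint(configured_idp_cert)
        findings["cert_matches_config"] = (
            findings["embedded_fingerprint"] == findings["configured_fingerprint"])
    return findings

# Constructed sample data: the "certificates" are placeholder bytes, not real X.509.
CURRENT_IDP_CERT = base64.b64encode(b"constructed placeholder: IdP's current signing cert").decode()
STALE_IDP_CERT = base64.b64encode(b"constructed placeholder: an older, rotated cert").decode()
# Configured copy wrapped in PEM armour with line breaks, as it might be pasted into a form.
STALE_IDP_PEM = f"-----BEGIN CERTIFICATE-----\n{STALE_IDP_CERT}\n-----END CERTIFICATE-----"
SAMPLE_RESPONSE = f"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_ceda2f09c9eb1328149635a250ae873c" Version="2.0">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI="#_ceda2f09c9eb1328149635a250ae873c"/></ds:SignedInfo>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {CURRENT_IDP_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</saml2p:Response>"""
```

This does not perform the XML-DSig verification itself (python3-saml delegates that to xmlsec); it only rules out the common cause of this error, a stale copy of the IdP certificate in the SP configuration after the IdP rotated its signing key.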

0 Answers:

No answers