[Satosa-dev] Federated domain in AAD authenticate with IDP pysaml2 sample.

Gustavo Duarte gus.duarte at gmail.com
Sat Mar 21 19:30:42 UTC 2020


I tried another test.

I tested the pysaml2 IDP against the https://samltest.id site.

And the following error was reported:

opensaml::FatalProfileException at (https://samltest.id/Shibboleth.sso/SAML2/POST)
Unable to establish security of incoming assertion.

In the SP log the following error lines are shown:

2020-03-21 13:01:09 WARN Shibboleth.SSO.SAML2 [3878] [default]: detected a problem with assertion: Unable to establish security of incoming assertion.
2020-03-21 13:01:09 WARN Shibboleth.SSO.SAML2 [3878] [default]: error processing incoming assertion: Unable to establish security of incoming assertion.

That confirms to me that some configuration is wrong.


On Sat, 21 Mar 2020 at 0:18, Gustavo Duarte (<gus.duarte at gmail.com>) wrote:
>
> Sorry if this ml isn't the right place, but what I don't understand is that
> the federated domain and idp certificates are the same. I paid special
> attention to that.
> I would like to know how to debug this.
>
> Thanks Giuseppe
>
>
> On Fri, 20 Mar 2020 at 22:43, Giuseppe De Marco <giuseppe.demarco at unical.it> wrote:
>>
>> Hi Gustavo,
>>
>> I don't know if this is the right ml for this, btw I think that you
>> should use a PowerShell prompt to set/update/register your new certificates.
>>
>> Many docs and articles on the web show how to do this.
>>
>> Regards
>>
>> On Sat, 21 Mar 2020, 01:23 Gustavo Duarte <gus.duarte at gmail.com> wrote:
>>>
>>> Hi all,
>>>
>>> I configured a federated domain in my Azure AD tenant to be
>>> authenticated against an IDP based on pysaml IDP sample.
>>>
>>> When I try logging in to https://portal.azure.com with a
>>> user at myfedereteddoaim.com, the following error happens:
>>>
>>> AADSTS50008: Unable to verify token signature. The signing key
>>> identifier does not match any valid registered keys.
>>>
>>> Any suggestions?
>>>
>>> Thanks in advance.
>>>
>>> Regards.
>>>
>>> _______________________________________________
>>> Satosa-dev mailing list
>>> Satosa-dev at lists.sunet.se
>>> https://lists.sunet.se/listinfo/satosa-dev