By: Rohit Joshi user 25 Jul 2016 at 5:45 a.m. CDT

6 Responses

Hi There, I am trying to achieve SAML SSO with Salesforce and GLUU using below documentation - https://www.gluu.org/docs/integrate/salesforce-sso/ I have gone through step-wise configuration and completed Salesforce configurations. Then, downloaded Metadata from it and uploaded to GLUU GUI using 'File' upload option. Thus, Completed adding Trust relationships. Now, While performing SP-Init SSO from Salesforce, I am getting error as below - Error Message - Message did not meet security requirements When checked idp-process.log, i got my hand over this details - ``` 06:45:45.187 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:195] - Simple signature validation (with no request-derived credentials) failed 06:45:45.187 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:138] - Validation of request simple signature failed for context issuer: https://<My_Domain>.my.salesforce.com 06:45:45.193 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406] - Message did not meet security requirements org.opensaml.ws.security.SecurityPolicyException: Validation of request simple signature failed for context issuer at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.doEvaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:139) ~[opensaml-2.6.6.jar:na] at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.evaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:103) ~[opensaml-2.6.6.jar:na] at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51) ~[openws-1.5.6.jar:na] at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132) ~[openws-1.5.6.jar:na] at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83) ~[openws-1.5.6.jar:na] at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70) ~[opensaml-2.6.6.jar:na] at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.decodeRequest(SSOProfileHandler.java:386) [shibboleth-identityprovider-2.4.5.jar:na] at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.performAuthentication(SSOProfileHandler.java:211) [shibboleth-identityprovider-2.4.5.jar:na] at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:189) [shibboleth-identityprovider-2.4.5.jar:na] at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:90) [shibboleth-identityprovider-2.4.5.jar:na] at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.4.5.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) [servlet-api.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) [catalina.jar:7.0.65] ``` Could you please let me know here what is going wrong ? As I am new to shibboleth, I am stuck at how to proceed next. Best Regards,

U1404

closed

By Mohib Zico staff 25 Jul 2016 at 6:11 a.m. CDT

Copy

Hi Rohit, Please check these two video tutorials, might be helpful: 1. [Salesforce.com SSO configuration with Gluu Server, Part 1](https://www.youtube.com/watch?v=0qQimGWi3_8) 2. [Salesforce.com SSO configuration with Gluu Server, Part 2](https://www.youtube.com/watch?v=UZKaq5BFloo)

By Rohit Joshi user 25 Jul 2016 at 8:44 a.m. CDT

Copy

Hi Mohib, I again re-configured my SAML settings as per mentioned in video. But now I am landing on following error - Error Message - SAML 2 SSO profile is not configured for relying party 'https://<My_Domain>.my.salesforce.com' What could be issue here ? Could you please guide here ? Thanks in advance..!

By Mohib Zico staff 26 Jul 2016 at 4:32 p.m. CDT

Copy

>> Error Message - SAML 2 SSO profile is not configured for relying party 'https://<My_Domain>.my.salesforce.com' Have you configured relying party?

By Rohit Joshi user 27 Jul 2016 at 1:41 a.m. CDT

Copy

Hi Mohib, Thanks for replying.! I have added trust relationship for Salesforce using File upload option of Metadata which i downloaded from salesforce. This will add Relying Party right ? OR do I have to make any other configurations ? Best Regards,

By Mohib Zico staff 27 Jul 2016 at 2:04 a.m. CDT

Copy

>> This will add Relying Party right ? OR do I have to make any other configurations ? From [doc](https://gluu.org/docs/integrate/salesforce-sso/), search for 'Configure Specific Relying' or in [video](https://www.youtube.com/watch?v=UZKaq5BFloo), check how it's configured at 2:40 min timeframe.

By Rohit Joshi user 01 Aug 2016 at 1:38 a.m. CDT

Copy

Hi Mohib, I did updated these settings. But I am again getting First error as ' Error Message - Message did not meet security requirements'. Do i am missing anything here ? Can you have one meeting/demo with me whether I can show you off my queries ? Waiting for reply.. Best Regards,

You need to Login in order to post an answer

SAML SSO is failing for Salesforce(SP) and GLUU(Shibbboleth IdP)

By: Rohit Joshi user 25 Jul 2016 at 5:45 a.m. CDT

Answers

By Mohib Zico staff 25 Jul 2016 at 6:11 a.m. CDT

By Rohit Joshi user 25 Jul 2016 at 8:44 a.m. CDT

By Mohib Zico staff 26 Jul 2016 at 4:32 p.m. CDT

By Rohit Joshi user 27 Jul 2016 at 1:41 a.m. CDT

By Mohib Zico staff 27 Jul 2016 at 2:04 a.m. CDT

By Rohit Joshi user 01 Aug 2016 at 1:38 a.m. CDT

Post an answer