SSO with Onelogin against SSOCircle


I am trying to use the OneLogin demo application to authenticate against SSOCircle. I have updated the properties and set the SSOCircle certificate. However, I am not redirected to SSOCircle to enter user credentials, but rather get the following SAML response:

SAMLRequest

<samlp:AuthnRequest AssertionConsumerServiceURL="http://localhost:8080/onelogin/acs.jsp"
    Destination="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp"
    ID="ONELOGIN_6e922e38-0222-4017-bb5c-990983b36014" IssueInstant="2017-08-31T09:24:07Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>debug.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

SAMLResponse

<samlp:Response ID="s21b75294834dd375796520523a63538f7c32e2ace"
    InResponseTo="ONELOGIN_6e922e38-0222-4017-bb5c-990983b36014" IssueInstant="2017-08-31T09:24:13Z"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.ssocircle.com</saml:Issuer>
    <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"
            xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"></samlp:StatusCode>
        </samlp:StatusCode>
    </samlp:Status>
</samlp:Response>

Please guide me as to why the request is not redirected to SSOCircle so that I can enter the username and password.

Thanks.

Regards, Ajay

1 answer

Hos:

Your SAML demo application is requesting a specific AuthnContext, and the SSOCircle IdP responds that the AuthnContext is not known.

Looking into your SAML Request reveals that the requested AuthnContext is

urn:oasis:names:tc:SAML:2.0:ac:classes:urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

which definitely looks more like a typo in the demo app. Try changing the value to

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
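As an added check that is not part of the question or the answer: a small Python script (standard library only) that pulls the AuthnContextClassRef out of an AuthnRequest, flags the doubled prefix seen above, and walks the nested StatusCode chain of the IdP's Response so the Requester/NoAuthnContext pair is visible at a glance. The XML inside it is a constructed, trimmed copy of the question's messages, and the list of known AC classes is a subset of those defined in the SAML 2.0 specification.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Subset of the AuthnContext classes defined by the SAML 2.0 spec.
KNOWN_AC_CLASSES = {AC_PREFIX + c for c in (
    "Password", "PasswordProtectedTransport", "Kerberos", "TLSClient",
    "X509", "unspecified")}


def authn_context_refs(authn_request_xml):
    """Return every AuthnContextClassRef value in an AuthnRequest."""
    root = ET.fromstring(authn_request_xml)
    path = "samlp:RequestedAuthnContext/saml:AuthnContextClassRef"
    return [e.text.strip() for e in root.findall(path, NS)]


def check_ac_class(ref):
    """Classify a class ref: 'ok', 'duplicated-prefix' or 'unknown'."""
    if ref in KNOWN_AC_CLASSES:
        return "ok"
    if ref.count(AC_PREFIX) > 1:   # the mistake in the question's request
        return "duplicated-prefix"
    return "unknown"


def status_chain(response_xml):
    """Return nested StatusCode values of a Response, outermost first."""
    root = ET.fromstring(response_xml)
    chain, node = [], root.find("samlp:Status/samlp:StatusCode", NS)
    while node is not None:
        chain.append(node.get("Value"))
        node = node.find("samlp:StatusCode", NS)
    return chain


# Constructed samples (trimmed copies of the question's request/response).
BAD_REQUEST = """<samlp:AuthnRequest ID="x" Version="2.0"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
 </saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>"""
BAD_RESPONSE = """<samlp:Response ID="y" Version="2.0"
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><samlp:Status>
 <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
  <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"/>
 </samlp:StatusCode></samlp:Status></samlp:Response>"""
```

Running `check_ac_class` over `authn_context_refs(BAD_REQUEST)` reports `duplicated-prefix`, and `status_chain(BAD_RESPONSE)` returns the Requester code followed by NoAuthnContext, which is exactly the pair the IdP sent back in the question.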