...
```xml
<samlp:Response ID="_9466a2eb-3e08-4638-8417-4443070d2860"
                Version="2.0"
                IssueInstant="2021-04-23T08:05:17.781Z"
                Destination="https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs"
                Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
                InResponseTo="id14752337c09e4ff19b7cc1089a985597"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://ad-host.digizuite.app/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <Assertion ID="_710b91a5-f1e9-496e-9765-659795675aa1" IssueInstant="2021-04-23T08:05:17.780Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://ad-host.digizuite.app/adfs/services/trust</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <ds:Reference URI="#_710b91a5-f1e9-496e-9765-659795675aa1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>mTY/O/ujMR/6s+/VoRqVMfKG47QtXxl1puSB05/6GOU=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>QQhk5ARL7jhhgLF/qu0UOx9ZrvYjRUfDgHx2ZVft0vmnekE9EojR7onh4RfZX/sY/mRn/y4ovx9WbjoP2KXSjJ+ZeiUt590bo1WgqkhUujszWEOpxJSjXBo1TVj7yVrNET+a1pA5KVlGy+s5e/fHRYD1Rzvue+LSR6ZuMeBXGJyCM+iWCaNqS5Co7WIGxP6E35BXY+tgQSXz8dCSoRqdQppcsl+kfIC5wIKYGp529Y1Pmyr5jsnKQYZbKxTo0g3tVkYQLK93svGNLlPLuEm5bqjC5hrfeCAbEXPbZRVe9KuYwIJg1FU20HWllSOb2uMsuVXQs1Swn9creZIXTemZVg==</ds:SignatureValue>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </KeyInfo>
    </ds:Signature>
    <Subject>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="id14752337c09e4ff19b7cc1089a985597" NotOnOrAfter="2021-04-23T08:10:17.781Z" Recipient="https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs" />
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2021-04-23T08:05:17.774Z" NotOnOrAfter="2021-04-23T09:05:17.774Z">
      <AudienceRestriction>
        <Audience>https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>mb@digizuite.app</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>mb@digizuite.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>Boisen</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <AttributeValue>Morten</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/claims/Group">
        <AttributeValue>digizuite\Domain Users</AttributeValue>
        <AttributeValue>digizuite\Super administrator</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-513</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-1106</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2021-04-23T08:05:17.679Z">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
```
Note that we do not support SHA-1 as the digest algorithm: <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Once the IdP has been configured correctly, get the federation metadata URL for the next step.
...
In the Binding group name you can input either the domain/groupname or the group SID.
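
An added example, not part of the original page and not Digizuite's own code: a small Python check to run over a captured SAML response that flags the unsupported SHA-1 DigestMethod noted on this page and lists the Group claim values, split into names and SIDs, that can be entered as the Binding group name. The function name `inspect_response` and the trimmed sample are constructed for illustration; the claim URI and group values are taken from the sample response on this page.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA1_DIGEST = "http://www.w3.org/2000/09/xmldsig#sha1"   # the unsupported digest
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"  # claim used in the sample
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

def inspect_response(xml_text):
    """Return (problems, group_names, group_sids) for a captured SAML response.

    Setup/troubleshooting aid only: it does not verify the signature and
    should only be fed responses captured from your own IdP.
    """
    root = ET.fromstring(xml_text)
    problems = []
    digests = root.findall(".//ds:DigestMethod", NS)
    if not digests:
        problems.append("no ds:DigestMethod found (unsigned response?)")
    for el in digests:
        if el.get("Algorithm") == SHA1_DIGEST:
            problems.append("DigestMethod is SHA-1, which is not supported")
    # Collect every value of the Group claim across all attribute statements.
    values = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == GROUP_CLAIM
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not values:
        problems.append("assertion carries no Group claim values")
    sids = [v for v in values if SID_RE.match(v)]
    names = [v for v in values if not SID_RE.match(v)]
    return problems, names, sids

# Constructed sample: a trimmed response that uses the unsupported SHA-1 digest.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference>
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference></ds:SignedInfo></ds:Signature>
  <AttributeStatement><Attribute Name="http://schemas.xmlsoap.org/claims/Group">
   <AttributeValue>digizuite\\Domain Users</AttributeValue>
   <AttributeValue>S-1-5-21-2750658348-810332529-726732757-513</AttributeValue>
  </Attribute></AttributeStatement>
 </Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```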
Troubleshooting
You can enable SSO logging in the DAM website folder\DigizuiteCore\loginservice\appsettings.json by setting "EnableLocalLogging": true.
This gives you more information about the errors you encounter.
Known issues
/wiki/spaces/PSBOK/pages/2262040577
...
Setup of connectors or media manager:
Set a connector or Media manager to use SSO login