cloudstack-users mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: ADFS + CloudStack problem
Date Tue, 10 May 2016 20:57:39 GMT
Thanks, the error message seems to come from the ADFS server. Could you
intercept the SAML process?
For Firefox there is a plugin called 'SAML Tracer', getting the output of
that could give us some hints.

-- 
Erik

On Tue, May 10, 2016 at 10:35 PM, Igor S. Lopes <igor@rsantos.eti.br> wrote:

> Hi, thank you for your answer. Here is the translated error message:
>
> System.Xml.XmlException: MSIS0018: The SAML protocol message cannot be
> read because it contains data that is not valid. --->
> System.ArgumentException: ID4128: The value is not a valid SAML ID.
> Parameter name: value ---> System.Xml.XmlException: Name cannot begin with
> the '7' character, hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>  --- End of inner exception stack trace ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> reader, SamlMessage message)
>  --- End of inner exception stack trace ---
>    em
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> reader, SamlMessage message)
>    em
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader
> reader)
>    em
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader
> reader, NamespaceContext context)
>    em
> Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String
> encodedSamlMessage)
>    em
> Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri
> baseUrl, NameValueCollection collection)
>    em
> Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri
> requestUrl, NameValueCollection form)
>    em
> Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest
> httpRequest)
>    em
> Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest
> request, ProtocolContext& protocolContext)
>    em
> Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest
> request)
>    em
> Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest
> request, ProtocolContext& protocolContext, PassiveProtocolHandler&
> protocolHandler)
>    em
> Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext
> context)
>
> System.ArgumentException: ID4128: The value is not a valid SAML ID.
> Parameter name: value ---> System.Xml.XmlException: Name cannot begin with
> the '7' character, hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>  --- End of inner exception stack trace ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> reader, SamlMessage message)
>
> System.Xml.XmlException: Name cannot begin with the '7' character,
> hexadecimal value 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>
> There is a huge chance that I configured something wrong.
>
> Igor Steuck Lopes
>
>
> ----- Original message -----
> From: "Erik Weber" <terbolous@gmail.com>
> To: "users" <users@cloudstack.apache.org>
> Sent: Tuesday, 10 May 2016 17:24:13
> Subject: Re: ADFS + CloudStack problem
>
> I haven't tried since I wrote that post, but it worked back then.
>
> Any chance that you could translate the error messages?
>
> Erik
>
> On Tuesday, 10 May 2016, Igor S. Lopes <igor@rsantos.eti.br> wrote:
>
> > Hi,
> > I am working with CloudStack and I'm intending to use it as a Service
> > Provider connected through SSO with our Active Directory Federation
> > Service.
> > I have no idea how to allow CloudStack to authenticate on the ADFS.
> > I tried to follow this guide
> >
> http://www.terbolo.us/2015/06/how-to-set-up-apache-cloudstack-4-5-24-6-0-and-saml-2-0-authentication-against-microsoft-adfs/
> > but
> > a few problems showed up:
> >
> > 1 - Even though I had set the URL metadata to
> > https://<domain>/FederationMetadata/2007-06/FederationMetadata.xml
> > when I checked /var/log/cloudstack/management/management-server.log
> > for error messages I saw a few saying that CloudStack couldn't retrieve
> > the metadata file. So I did it manually.
> >
> > 2 - I configured the ADFS claims as shown in the 'how-to' but the
> > following error message shows up on my ADFS Event Logs. I already spent a
> > couple hours browsing about this error but
> > nothing really useful came up:
> >
> > Error code: 364
> > (...)
> > System.Xml.XmlException: MSIS0018: Não é possível ler a mensagem do
> > protocolo SAML porque ela contém dados inválidos. --->
> > System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode
> > ser iniciado pelo caractere '7', valor hexadecimal 0x37.
> > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> > exceptionType)
> > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> > --- Fim do rastreamento de pilha de exceções internas ---
> > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> > reader, SamlMessage message)
> > --- Fim do rastreamento de pilha de exceções internas ---
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> > reader, SamlMessage message)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader
> > reader)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader
> > reader, NamespaceContext context)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String
> > encodedSamlMessage)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri
> > baseUrl, NameValueCollection collection)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri
> > requestUrl, NameValueCollection form)
> > em
> >
> Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest
> > httpRequest)
> > em
> >
> Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest
> > request, ProtocolContext& protocolContext)
> > em
> >
> Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest
> > request)
> > em
> >
> Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest
> > request, ProtocolContext& protocolContext, PassiveProtocolHandler&
> > protocolHandler)
> > em
> >
> Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext
> > context)
> >
> > System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> > Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode
> > ser iniciado pelo caractere '7', valor hexadecimal 0x37.
> > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> > exceptionType)
> > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> > --- Fim do rastreamento de pilha de exceções internas ---
> > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> > em
> >
> Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader
> > reader, SamlMessage message)
> >
> > System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere
> '7',
> > valor hexadecimal 0x37.
> > em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType
> > exceptionType)
> > em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
> >
> >
> > There are a few parts in Brazilian Portuguese, sorry about that.
> > Did anyone succeed in connecting CloudStack to an ADFS using the SAML
> > plugin?
> >
> > Thank you in advance.
> >
> > Igor Steuck Lopes
> >
> > --
> > This email was checked by SOPHOS UTM 9 SPAM & Virus Firewall.
> > http://www.rsantos.eti.br
> >
>
> --
> This email was checked by SOPHOS UTM 9 SPAM & Virus Firewall.
> http://www.rsantos.eti.br
>
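
Added example (not part of the original thread, and not CloudStack or ADFS code): one way to inspect an intercepted HTTP-Redirect SAMLRequest offline and test whether the request's ID attribute is a valid XML NCName, which is the rule the ID4128 / VerifyNCName trace above reports as violated. The sample request, its ID values and the idp.example.test URL are constructed, and the check covers only the ASCII subset of NCName.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

# ASCII subset of the XML NCName rule that xs:ID follows: the first character
# is a letter or '_', never a digit; ':' is not allowed anywhere.
NCNAME_ASCII = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*")

# Constructed sample AuthnRequest; the IDs fed into it below are made up.
SAMPLE = ('<samlp:AuthnRequest '
          'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'ID="{id}" Version="2.0" IssueInstant="2016-05-10T20:00:00Z"/>')


def build_redirect_url(xml_text, sso_url):
    """Encode XML the way the HTTP-Redirect binding does (sample input only)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    encoded = base64.b64encode(deflated).decode("ascii")
    return sso_url + "?" + urlencode({"SAMLRequest": encoded})


def decode_redirect_request(url):
    """Return the request XML carried in a captured HTTP-Redirect URL."""
    query = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")  # -15 = raw DEFLATE


def check_request_id(xml_text):
    """Return (ID value, True if it is acceptable as an xs:ID)."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD in SAML message; refusing to parse")
    id_value = ET.fromstring(xml_text).get("ID")
    return id_value, bool(id_value and NCNAME_ASCII.fullmatch(id_value))


if __name__ == "__main__":
    # An ID starting with a digit fails; the same value prefixed with '_' passes.
    for sample_id in ("7c1d9e2ab4", "_7c1d9e2ab4"):
        url = build_redirect_url(SAMPLE.format(id=sample_id),
                                 "https://idp.example.test/sso")
        print(check_request_id(decode_redirect_request(url)))
```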
