Date: Tue, 10 May 2016 22:24:13 +0200
Subject: Re: ADFS + CloudStack problem
From: Erik Weber
To: "users@cloudstack.apache.org"

I haven't tried since I wrote that post, but it worked back then.
Any chance that you could translate the error messages?

Erik

On Tuesday, 10 May 2016, Igor S. Lopes wrote the following:

> Hi,
> I am working with CloudStack and I'm intending to use it as a Service
> Provider connected through SSO with our Active Directory Federation Service.
> I have no idea how to allow CloudStack to authenticate on the ADFS.
> I tried to follow this guide
> http://www.terbolo.us/2015/06/how-to-set-up-apache-cloudstack-4-5-24-6-0-and-saml-2-0-authentication-against-microsoft-adfs/
> but a few problems showed up:
>
> 1 - Even though I had set the URL metadata to https:///FederationMetadata/2007-06/FederationMetadata.xml
> when I checked /var/log/cloudstack/management/management-server.log
> for error messages I saw a few saying that CloudStack couldn't retrieve
> the metadata file. So I did it manually.
>
> 2 - I configured the ADFS claims as shown in the 'how-to' but the
> following error message shows up on my ADFS Event Logs. I already spent a
> couple hours browsing about this error but
> nothing really useful came up:
>
> Error code: 364
> (...)
> System.Xml.XmlException: MSIS0018: Não é possível ler a mensagem do
> protocolo SAML porque ela contém dados inválidos. --->
> System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode
> ser iniciado pelo caractere '7', valor hexadecimal 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    --- Fim do rastreamento de pilha de exceções internas ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>    --- Fim do rastreamento de pilha de exceções internas ---
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadAuthnRequest(XmlReader reader)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadSamlMessage(XmlReader reader, NamespaceContext context)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
>    em Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
>    em Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
>    em Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
>    em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
>
> System.ArgumentException: ID4128: O valor não é um ID de SAML válido.
> Nome do parâmetro: value ---> System.Xml.XmlException: Um nome não pode
> ser iniciado pelo caractere '7', valor hexadecimal 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    --- Fim do rastreamento de pilha de exceções internas ---
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>    em Microsoft.IdentityServer.Protocols.Saml.SamlProtocolSerializer.ReadCommonAttributes(XmlReader reader, SamlMessage message)
>
> System.Xml.XmlException: Um nome não pode ser iniciado pelo caractere '7',
> valor hexadecimal 0x37.
>    em System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
>    em Microsoft.IdentityModel.Tokens.Saml2.Saml2Id..ctor(String value)
>
>
> There are a few parts in Brazilian Portuguese, sorry about that.
> Did anyone succeed in connecting CloudStack to an ADFS using the SAML
> plugin?
>
> Thank you in advance.
>
> Igor Steuck Lopes
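
The trace quoted above shows ADFS failing in Saml2Id while reading the AuthnRequest from the HTTP-Redirect binding, because XmlConvert.VerifyNCName rejects an ID that starts with '7'. The following is an added example, not part of the thread and not CloudStack or ADFS code: it decodes a SAMLRequest parameter and checks its ID attribute against a simplified ASCII-only NCName rule. The host adfs.example.test, the function names and the sample IDs are constructed assumptions.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

# Simplified, ASCII-only form of the XML NCName rule that xs:ID values must
# satisfy: first character a letter or underscore, never a digit.
NCNAME_ASCII = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")


def encode_redirect(xml_text):
    """Encode XML as a SAMLRequest value: raw DEFLATE, then base64."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = no zlib header
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_redirect(url):
    """Recover the XML carried in a redirect URL's SAMLRequest parameter."""
    value = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    xml_text = zlib.decompress(base64.b64decode(value), -15).decode("utf-8")
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
        raise ValueError("DOCTYPE not allowed in a SAML message")
    return xml_text


def check_request_id(url):
    """Return (ID attribute, True if it passes the simplified NCName rule)."""
    root = ET.fromstring(decode_redirect(url))
    request_id = root.get("ID", "")
    return request_id, bool(NCNAME_ASCII.match(request_id))


def sample_url(request_id):
    """Constructed AuthnRequest on a placeholder host, for demonstration only."""
    xml_text = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'ID="{request_id}" Version="2.0" IssueInstant="2016-05-10T20:00:00Z"/>'
    )
    return ("https://adfs.example.test/adfs/ls/?SAMLRequest="
            + quote(encode_redirect(xml_text), safe=""))


if __name__ == "__main__":
    for rid in ("7f3a9c1e", "_7f3a9c1e"):  # constructed IDs
        print(check_request_id(sample_url(rid)))
```

To use it on a real deployment, pass check_request_id the redirect URL the browser is sent to when the service provider hands the user over to ADFS.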