Return-Path: 
 <dev-return-8165-apmail-santuario-dev-archive=santuario.apache.org@santuario.apache.org>
X-Original-To: apmail-santuario-dev-archive@www.apache.org
Delivered-To: apmail-santuario-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1C83C10CAC
	for <apmail-santuario-dev-archive@www.apache.org>;
 Wed, 24 Jul 2013 17:22:31 +0000 (UTC)
Received: (qmail 82121 invoked by uid 500); 24 Jul 2013 17:22:31 -0000
Delivered-To: apmail-santuario-dev-archive@santuario.apache.org
Received: (qmail 81849 invoked by uid 500); 24 Jul 2013 17:22:25 -0000
Mailing-List: contact dev-help@santuario.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@santuario.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@santuario.apache.org>
List-Post: <mailto:dev@santuario.apache.org>
List-Id: <dev.santuario.apache.org>
Reply-To: dev@santuario.apache.org
Delivered-To: mailing list dev@santuario.apache.org
Received: (qmail 81842 invoked by uid 99); 24 Jul 2013 17:22:24 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jul 2013 17:22:24 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of jacob.errol@gmail.com
 designates 209.85.192.181 as permitted sender)
Received: from [209.85.192.181] (HELO mail-pd0-f181.google.com)
 (209.85.192.181)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Jul 2013 17:22:19 +0000
Received: by mail-pd0-f181.google.com with SMTP id g12so129165pdj.12
        for <dev@santuario.apache.org>; Wed, 24 Jul 2013 10:21:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=AN78YLzDMYEva3DILQReokXaethoYrl6IBCzqTK+Yz0=;
        b=kTpxA7Cx+ZtWUonT13EEu4WvRVPmhtw0R0+o77NmKWsRmxsNwx9tEKAb0aFQhyONzK
         rFuMA/PwJ/rcxymQkvlLzr9l+RfsRaPS2TG9dZKCmPhVG8rL4CE/fFTB1TFYfx0fJ+Up
         11/jMvp6D6KtCBD2J3BxVUR/WphzstcHhEC0W2HB6jxtBUSkyxWCXDYeY1xLmHlSUa0/
         Sn6QDJmebNjukTsDotparc8NQ1V7UsxkOoBxFK/7q5uzDTxIIIA+UPork6XviklDzOga
         N6gwAiPLou3cvHhqP9Oid4lZXnZsECX0YjoRtl0Ir/yvf3+hTGlZYz48gmoPK+mYwyYg
         PtpA==
MIME-Version: 1.0
X-Received: by 10.68.224.66 with SMTP id ra2mr43946319pbc.41.1374686518776;
 Wed, 24 Jul 2013 10:21:58 -0700 (PDT)
Received: by 10.68.12.99 with HTTP; Wed, 24 Jul 2013 10:21:58 -0700 (PDT)
Date: Wed, 24 Jul 2013 13:21:58 -0400
Message-ID: 
 <CAA+2-uqKNfmmvHOby3pb8tbk29cmi9a-8X=PtEcmDarKnYu7Xw@mail.gmail.com>
Subject: Unable to locate satisfiable bearer SubjectConfirmation in assertion
From: Jacob Johnson <jacob.errol@gmail.com>
To: dev@santuario.apache.org
Content-Type: multipart/alternative; boundary=047d7b2ed885a11a6504e245253c
X-Virus-Checked: Checked by ClamAV on apache.org

--047d7b2ed885a11a6504e245253c
Content-Type: text/plain; charset=ISO-8859-1

I need some help understanding an error provided by the SP.  The error
message looks like this:

opensaml::FatalProfileException at (http://localhost/login/SAML2/POST)

Unable to locate satisfiable bearer SubjectConfirmation in assertion.

The subject in my SAML assertion looks like this:

<saml:Subject><saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">999999000</saml:NameID><saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
NotOnOrAfter="2013-07-24T17:08:34.262Z" Recipient="http://ip-10-15-141-173.[my
company
domain].com/login/SAML2/POST"/></saml:SubjectConfirmation></saml:Subject>

I suspect it has something to do with either: 1.) the Format of NameID or
2.) the Recipient URL name does not match URL in the error message.

I don't have control over the SAML format as the IDP is controlled by
another department in my company.

Any help/direction would be appreciated.

Jake

--047d7b2ed885a11a6504e245253c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I need some help understanding an error provided by t=
he SP. =A0The error message looks like this:</div><div><br></div><div><p cl=
ass=3D"" style=3D"color:rgb(0,0,0)"><font face=3D"courier new, monospace">o=
pensaml::FatalProfileException at (<a href=3D"http://localhost/login/SAML2/=
POST">http://localhost/login/SAML2/POST</a>)</font></p>
<p style=3D"color:rgb(0,0,0)"><font face=3D"courier new, monospace">Unable =
to locate satisfiable bearer SubjectConfirmation in assertion.</font></p></=
div><div><br></div><div>The subject in my SAML assertion looks like this:</=
div>
<div><br></div><font face=3D"courier new, monospace">&lt;saml:Subject&gt;&l=
t;saml:NameID Format=3D&quot;urn:oasis:names:tc:SAML:1.1:nameid-format:unsp=
ecified&quot;&gt;999999000&lt;/saml:NameID&gt;&lt;saml:SubjectConfirmation =
Method=3D&quot;urn:oasis:names:tc:SAML:2.0:cm:bearer&quot;&gt;&lt;saml:Subj=
ectConfirmationData NotOnOrAfter=3D&quot;2013-07-24T17:08:34.262Z&quot; Rec=
ipient=3D&quot;<a href=3D"http://ip-10-15-141-173.">http://ip-10-15-141-173=
.</a>[my company domain].com/login/SAML2/POST&quot;/&gt;&lt;/saml:SubjectCo=
nfirmation&gt;&lt;/saml:Subject&gt;</font><br>
<div><br></div><div>I suspect it has something to do with either: 1.) the F=
ormat of NameID or 2.) the Recipient URL name does not match URL in the err=
or message.<br></div><div><br></div><div>I don&#39;t have control over the =
SAML format as the IDP is controlled by another department in my company.</=
div>
<div><br></div><div>Any help/direction would be appreciated.</div><div><br>=
</div><div>Jake</div></div>

--047d7b2ed885a11a6504e245253c--