The SAML assertion signature failed to verify


jcastleman-cae
Having problems getting a 3rd party vendor application configured to work with my ADFS server. I have supplied the SAML Logs below. I think it is a certificate mismatch issue, but for the life of me, I can't figure out how to get the right combination configured. 
Please note that I have redacted or supplied fake values for as much customer-specific information or names as possible to protect the customer's privacy. Relevant certificate thumbprints or serial numbers are all original.


2023-03-08 15:50:40.583 +00:00 [WRN] Using an in-memory repository. Keys will not be persisted to storage.
2023-03-08 15:50:40.598 +00:00 [WRN] Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
2023-03-08 15:50:40.657 +00:00 [WRN] No XML encryptor configured. Key "1a782795-33aa-469b-9126-b2c1cd7e6917" may be persisted to storage in unencrypted form.
2023-03-08 15:50:42.052 +00:00 [INF] ComponentSpace.Saml2, Version=3.0.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET Standard build, Licensed.
2023-03-08 15:50:42.060 +00:00 [INF] CLR: .NET Core 4.6.28207.03, OS: Microsoft Windows 10.0.17763 , Culture: English (United States)
2023-03-08 15:50:42.060 +00:00 [DBG] Configuration resolver: ComponentSpace.Saml2.Configuration.Resolver.SamlConfigurationResolver
2023-03-08 15:50:42.060 +00:00 [DBG] Certificate manager: ComponentSpace.Saml2.Certificates.CertificateManager
2023-03-08 15:50:42.060 +00:00 [DBG] ID cache: ComponentSpace.Saml2.Cache.DistributedIDCache
2023-03-08 15:50:42.060 +00:00 [DBG] Artifact cache: ComponentSpace.Saml2.Cache.DistributedArtifactCache
2023-03-08 15:50:42.060 +00:00 [DBG] SSO session store: ComponentSpace.Saml2.Session.DistributedSsoSessionStore
2023-03-08 15:50:42.270 +00:00 [DBG] SAML configuration:
{
"Configurations": [
  {
  "LocalServiceProviderConfiguration": {
   "AssertionConsumerServiceUrl": "https://redacted/SAMLAuth/SAML/AssertionConsumerService",
   "Description": "SAML Authentication API",
   "LocalCertificates": [
    {
    "Thumbprint": "1f26490e2543e2e5f9799775934e1b290299898a"
    }
   ],
   "Name": "https://redacted/SAMLAuth"
  },
  "PartnerIdentityProviderConfigurations": [
   {
    "Description": "Example Identity Provider",
    "Name": "http://redacted/adfs/services/trust",
    "PartnerCertificates": [
    {
     "FileName": "certificates/ADFS.cer"
    }
    ],
    "SignAuthnRequest": true,
    "SingleLogoutServiceUrl": "https://redacted/adfs/ls/",
    "SingleSignOnServiceUrl": "https://redacted/adfs/ls/"
   }
  ]
  }
]
}
2023-03-08 15:50:42.270 +00:00 [DBG] The SAML SSO environment has been successfully initialized.
2023-03-08 15:50:42.394 +00:00 [DBG] Initiating SSO to the partner identity provider http://redacted/adfs/services/trust.
2023-03-08 15:50:42.430 +00:00 [DBG] The SSO session ID 1bcf0bee-68db-40ea-97f9-6ec5b772bb1b has been saved to the saml-session cookie.
2023-03-08 15:50:42.431 +00:00 [DBG] HTTP cookie: saml-session=1bcf0bee-68db-40ea-97f9-6ec5b772bb1b; Path=/; SameSite=None; Secure; HttpOnly
2023-03-08 15:50:42.439 +00:00 [DBG] SSO session state is being initialized.
2023-03-08 15:50:42.443 +00:00 [DBG] SSO session state for saml-session-1bcf0bee-68db-40ea-97f9-6ec5b772bb1b-SamlState is being saved to the distributed cache.
2023-03-08 15:50:42.463 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b):
SP state:

2023-03-08 15:50:42.479 +00:00 [DBG] Constructing an authn request.
2023-03-08 15:50:42.491 +00:00 [DBG] Authn request: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest>
2023-03-08 15:50:42.491 +00:00 [DBG] SSO session state for saml-session-1bcf0bee-68db-40ea-97f9-6ec5b772bb1b-SamlState is being saved to the distributed cache.
2023-03-08 15:50:42.536 +00:00 [DBG] Searching the LocalMachine My X.509 store for the certificate with find type: FindByThumbprint and find value: 1f26490e2543e2e5f9799775934e1b290299898a.
2023-03-08 15:50:42.547 +00:00 [DBG] The X.509 certificate with subject name CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 0C5A09D6805D7E692EB37F7DD560140E has been loaded.
2023-03-08 15:50:42.565 +00:00 [DBG] The X.509 certificate with subject name CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 0C5A09D6805D7E692EB37F7DD560140E has been cached.
2023-03-08 15:50:42.585 +00:00 [DBG] Sending a SAML message over HTTP-Redirect.
2023-03-08 15:50:42.586 +00:00 [DBG] Creating an HTTP-Redirect URL.
2023-03-08 15:50:42.586 +00:00 [DBG] SAML request: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest>
2023-03-08 15:50:42.586 +00:00 [DBG] Relay State: https://redacted/iFox/?ReturnUrl=%2f
2023-03-08 15:50:42.588 +00:00 [DBG] Encoding SAML message: <samlp:AuthnRequest ID="_3f252929-9642-4730-ac1a-31c1365f8c06" Version="2.0" IssueInstant="2023-03-08T15:50:42Z" Destination="https://redacted/adfs/ls/" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://redacted/SAMLAuth/SAML/AssertionConsumerService" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://redacted/SAMLAuth</saml:Issuer><samlp:NameIDPolicy AllowCreate="true" /></samlp:AuthnRequest>
2023-03-08 15:50:42.593 +00:00 [DBG] Encoded SAML message: jZLLTsMwEEV/xfI+dR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15/4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H/LXGIzea6WBDoGfp2u+VsHJsu+mQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ/kE
2023-03-08 15:50:42.597 +00:00 [DBG] Signing data: 53 41 4d 4c 52 65 71 75 65 73 74 3d 6a 5a 4c 4c 54 73 4d 77 45 45 56 25 32 46 78 66 49 25 32 42 64 52 35 4e 61 61 30 32 55 6d 69 46 69 46 51 67 61 67 4d 4c 4e 73 67 34 44 72 58 6b 32 4d 48 6a 46 50 68 37 38 6b 42 51 46 6c 52 49 58 6c 69 6a 75 58 50 50 58 4d 30 53 57 4b 30 61 6d 72 62 75 6f 48 66 69 74 52 58 67 55 4c 5a 5a 34 61 65 6f 43 75 4e 77 45 53 36 38 78 57 77 61 65 74 4f 4c 79 50 63 59 44 35 67 58 42 54 79 49 5a 6e 45 31 35 25 32 46 34 4d 6f 77 64 68 51 52 71 39 77 75 48 45 78 79 67 44 61 45 57 6d 77 54 48 74 75 70 49 66 52 70 37 66 76 58 6b 52 78 44 54 32 36 54 52 38 78 47 6a 54 4f 55 6a 4e 33 4b 41 36 4f 4e 63 41 4a 61 51 53 70 62 42 44 62 63 4a 6a 35 6d 44 43 54 55 31 59 57 51 46 52 51 44 43 36 4d 70 61 4c 41 58 47 46 4b 36 5a 41 39 46 59 35 41 35 42 48 38 56 33 4a 72 58 47 47 47 33 55 70 64 53 6e 31 79 77 71 33 56 6c 50 44 51 41 4c 56 72 42 5a 41 48 61 66 37 39 47 5a 4c 4f 31 54 36 50 44 59 42 76 53 36 4b 33 4d 76 76 39 67 56 47 4b 59 43 77 50 63 50 61 61 47 68 72 59 66 66 43 48 69 55 58 39 37 76 74 44 79 6d 50 56 51 31 65 4b 59 34 6e 6f 50 33 55 6e 6f 37 30 48 25 32 46 4c 58 47 49 7a 65 61 36 57 42 44 6f 47 66 70 32 75 25 32 42 56 73 48 4a 73 75 25 32 42 6d 51 36 37 32 52 48 39 65 33 67 55 7a 45 75 44 6b 50 39 68 4c 63 6d 49 79 4f 6a 62 30 74 70 75 61 62 58 4b 6a 4a 50 39 41 71 56 4c 6d 62 57 30 46 63 31 33 63 7a 72 62 64 4c 69 51 5a 5a 62 39 50 4a 25 32 46 6b 45 26 52 65 6c 61 79 53 74 61 74 65 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 63 35 6c 6d 73 2d 64 65 76 2e 63 35 61 74 73 2e 63 6f 6d 25 32 46 69 46 6f 78 25 32 46 25 33 46 52 65 74 75 72 6e 55 72 6c 25 33 44 25 32 35 32 66 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
2023-03-08 15:50:42.597 +00:00 [DBG] Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
2023-03-08 15:50:42.614 +00:00 [DBG] Signature: 1b a5 d1 af b5 ac 88 7d c9 81 f5 8e e3 24 22 1d fb ff 35 52 c6 4d a6 e3 9b a6 8e 6f c4 aa 90 1f 61 f5 30 36 3e b7 30 33 cc e8 1d 5f da 58 cf fa 0b 51 a6 cd 79 a9 7f b0 a9 6a f3 5e a9 20 ca 77 e4 08 f3 7b 05 1b 1c d2 99 9e b8 b9 63 f5 0b bb a1 37 2f c8 47 96 4e da b4 4d 84 17 ef e1 2f 07 95 fb f1 4b e0 4d f5 e5 45 88 fa 31 89 02 23 93 6a ee 1b ab 9f 9d e6 db c2 25 40 1b 27 a5 df d6 2a 34 44 ed 37 8b c7 41 b4 40 cc ad 4a ea fe e1 9b 1f 47 01 af ba c9 74 c4 86 3d fc 03 67 ac 1f 57 0a 5a 5b d3 38 f3 d0 ac dc 34 28 5f 2e f6 93 00 70 7d 54 07 71 56 63 b6 7d a1 ef 43 24 35 94 4a df 3d 23 69 37 e0 a7 63 c8 0b 71 b5 e4 8e 03 df 52 80 65 fa 47 ef d5 c7 f7 41 00 29 ef 46 37 eb c6 27 63 f1 00 40 49 08 e7 b0 6e 0e 01 95 4d 6d 17 a8 08 5f 19 16 c8 07 09 a7 e6 d1 e5 28 66
2023-03-08 15:50:42.614 +00:00 [DBG] HTTP Redirect URL: https://redacted/adfs/ls/?SAMLRequest=jZLLTsMwEEV%2FxfI%2BdR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15%2F4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H%2FLXGIzea6WBDoGfp2u%2BVsHJsu%2BmQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ%2FkE&RelayState=https%3A%2F%2Fredacted%2FiFox%2F%3FReturnUrl%3D%252f&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G6XRr7WsiH3JgfWO4yQiHfv%2FNVLGTabjm6aOb8SqkB9h9TA2PrcwM8zoHV%2FaWM%2F6C1GmzXmpf7CpavNeqSDKd%2BQI83sFGxzSmZ64uWP1C7uhNy%2FIR5ZO2rRNhBfv4S8HlfvxS%2BBN9eVFiPoxiQIjk2ruG6ufnebbwiVAGyel39YqNETtN4vHQbRAzK1K6v7hmx9HAa%2B6yXTEhj38A2esH1cKWlvTOPPQrNw0KF8u9pMAcH1UB3FWY7Z9oe9DJDWUSt89I2k34KdjyAtxteSOA99SgGX6R%2B%2FVx%2FdBACnvRjfrxidj8QBASQjnsG4OAZVNbReoCF8ZFsgHCafm0eUoZg%3D%3D
2023-03-08 15:50:42.614 +00:00 [DBG] Redirecting to: https://redacted/adfs/ls/?SAMLRequest=jZLLTsMwEEV%2FxfI%2BdR5Naa02UmiFiFQgagMLNsg4DrXk2MHjFPh78kBQFlRIXlijuXPPXM0SWK0amrbuoHfitRXgULZZ4aeoCuNwES68xWwaetOLyPcYD5gXBTyIZnE15%2F4MowdhQRq9wuHExygDaEWmwTHtupIfRp7fvXkRxDT26TR8xGjTOUjN3KA6ONcAJaQSpbBDbcJj5mDCTU1YWQFRQDC6MpaLAXGFK6ZA9FY5A5BH8V3JrXGGG3UpdSn1ywq3VlPDQALVrBZAHaf79GZLO1T6PDYBvS6K3Mvv9gVGKYCwPcPaaGhrYffCHiUX97vtDymPVQ1eKY4noP3Uno70H%2FLXGIzea6WBDoGfp2u%2BVsHJsu%2BmQ672RH9e3gUzEuDkP9hLcmIyOjb0tpuabXKjJP9AqVLmbW0Fc13czrbdLiQZZb9PJ%2FkE&RelayState=https%3A%2F%2Fredacted%2FiFox%2F%3FReturnUrl%3D%252f&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=G6XRr7WsiH3JgfWO4yQiHfv%2FNVLGTabjm6aOb8SqkB9h9TA2PrcwM8zoHV%2FaWM%2F6C1GmzXmpf7CpavNeqSDKd%2BQI83sFGxzSmZ64uWP1C7uhNy%2FIR5ZO2rRNhBfv4S8HlfvxS%2BBN9eVFiPoxiQIjk2ruG6ufnebbwiVAGyel39YqNETtN4vHQbRAzK1K6v7hmx9HAa%2B6yXTEhj38A2esH1cKWlvTOPPQrNw0KF8u9pMAcH1UB3FWY7Z9oe9DJDWUSt89I2k34KdjyAtxteSOA99SgGX6R%2B%2FVx%2FdBACnvRjfrxidj8QBASQjnsG4OAZVNbReoCF8ZFsgHCafm0eUoZg%3D%3D
2023-03-08 15:50:42.615 +00:00 [DBG] The SAML message has been sent over HTTP-Redirect.
2023-03-08 15:50:42.617 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b):
SP state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: http://redacted/adfs/services/trust
Relay state:
In response to: _3f252929-9642-4730-ac1a-31c1365f8c06

2023-03-08 15:50:42.617 +00:00 [DBG] Initiation of SSO to the partner identity provider http://redacted/adfs/services/trust has completed successfully.
2023-03-08 15:51:04.143 +00:00 [DBG] Receiving an SSO response from a partner identity provider.
2023-03-08 15:51:04.144 +00:00 [DBG] The SSO session ID 1bcf0bee-68db-40ea-97f9-6ec5b772bb1b has been retrieved from the saml-session cookie.
2023-03-08 15:51:04.192 +00:00 [DBG] SAML session state (1bcf0bee-68db-40ea-97f9-6ec5b772bb1b):
SP state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: http://redacted/adfs/services/trust
Relay state:
In response to: _3f252929-9642-4730-ac1a-31c1365f8c06

2023-03-08 15:51:04.285 +00:00 [DBG] Receiving a SAML message over HTTP-Post.
2023-03-08 15:51:04.308 +00:00 [DBG] HTTPS request:
POST /SAMLAuth/SAML/AssertionConsumerService HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: saml-session=1bcf0bee-68db-40ea-97f9-6ec5b772bb1b
Host: redacted
Referer: https://redacted/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Origin: https://redacted
Content-Length: 5248
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
MS-ASPNETCORE-TOKEN: e5c51220-a79a-413f-b0ff-42099767dbb6
X-Original-Proto: http
X-Original-For: 127.0.0.1:60129

SAMLResponse=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&RelayState=https://redacted/iFox/?ReturnUrl=%2f
2023-03-08 15:51:04.310 +00:00 [DBG] Parsing the HTTP post data.
2023-03-08 15:51:04.311 +00:00 [DBG] Retrieved parameter SAMLResponse: 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
2023-03-08 15:51:04.311 +00:00 [DBG] Retrieved parameter RelayState: https://redacted/iFox/?ReturnUrl=%2f
2023-03-08 15:51:04.311 +00:00 [DBG] SAML response: <samlp:Response ID="_5a3a6548-ee33-4ee3-bafb-0a066a4cc762" Version="2.0" IssueInstant="2023-03-08T15:51:04.066Z" Destination="https://redacted/SAMLAuth/SAML/AssertionConsumerService" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://redacted/adfs/services/trust</Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status><Assertion ID="_c75704f4-2b62-4d71-a4fb-30e6f8418a00" IssueInstant="2023-03-08T15:51:04.066Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>http://redacted/adfs/services/trust</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_c75704f4-2b62-4d71-a4fb-30e6f8418a00"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>3RJD/RQzF9IUXnnKihdJNgODFQAwhbWux7J85iWhOVM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MA0D9+0hYckYrUbfrEvzzyoerQSodP+xTyqFhZa3dAoKwzU2H/yo9ioPzVHBcFm0F97oM92usQoZEQ0QY8+hDejZD8cEz+PKjuuK+/iHbvh0M68tf7oHtPbj6Iga8qAeg+mORDdA1Rm8bXiFlvMxJHl/NAmqNEZ1TmBixD+Fwz4s9qZF88+Ncy06rLbwgDRFiga3Ay9xRNwv0WAqC9CplSoIPHuvpkMJ6+GWPCtIVKNm654rlOysaRcKahueO+cUe4Rd8FxNEsOQfHvOAMUeggfwREpJ/o5s2zqoWzKlLEvoCG7OX2124G3NrELFW1qYxGPmsWmg9OBeKbgxoIcX8A==</ds:SignatureValue><KeyInfo 
xmlns="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" NotOnOrAfter="2023-03-08T15:56:04.066Z" Recipient="https://redacted/SAMLAuth/SAML/AssertionConsumerService" /></SubjectConfirmation></Subject><Conditions NotBefore="2023-03-08T15:51:04.063Z" NotOnOrAfter="2023-03-08T16:51:04.063Z"><AudienceRestriction><Audience>https://redacted/SAMLAuth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="Nameid"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2023-03-08T15:51:04.017Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
2023-03-08 15:51:04.312 +00:00 [DBG] Relay state: https://redacted/iFox/?ReturnUrl=%2f
2023-03-08 15:51:04.312 +00:00 [DBG] The SAML message has been received over HTTP-Post.
2023-03-08 15:51:04.350 +00:00 [DBG] The XML validated against the SAML XML Schemas.
2023-03-08 15:51:04.385 +00:00 [DBG] The SAML response status is success.
2023-03-08 15:51:04.397 +00:00 [DBG] Verifying the SAML assertion signature.
2023-03-08 15:51:04.411 +00:00 [DBG] Loading the X.509 certificate from the file D:\folder\subfolder\SAMLWebApi\certificates/ADFS.cer.
2023-03-08 15:51:04.424 +00:00 [DBG] The X.509 certificate with subject name CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 017A6F52A713044239E08846ECE6FC1A has been loaded.
2023-03-08 15:51:04.430 +00:00 [DBG] The X.509 certificate with subject name CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 017A6F52A713044239E08846ECE6FC1A has been cached.
2023-03-08 15:51:04.433 +00:00 [DBG] Verifying signed XML: <Assertion ID="_c75704f4-2b62-4d71-a4fb-30e6f8418a00" IssueInstant="2023-03-08T15:51:04.066Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Issuer>http://redacted/adfs/services/trust</Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI="#_c75704f4-2b62-4d71-a4fb-30e6f8418a00"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>3RJD/RQzF9IUXnnKihdJNgODFQAwhbWux7J85iWhOVM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MA0D9+0hYckYrUbfrEvzzyoerQSodP+xTyqFhZa3dAoKwzU2H/yo9ioPzVHBcFm0F97oM92usQoZEQ0QY8+hDejZD8cEz+PKjuuK+/iHbvh0M68tf7oHtPbj6Iga8qAeg+mORDdA1Rm8bXiFlvMxJHl/NAmqNEZ1TmBixD+Fwz4s9qZF88+Ncy06rLbwgDRFiga3Ay9xRNwv0WAqC9CplSoIPHuvpkMJ6+GWPCtIVKNm654rlOysaRcKahueO+cUe4Rd8FxNEsOQfHvOAMUeggfwREpJ/o5s2zqoWzKlLEvoCG7OX2124G3NrELFW1qYxGPmsWmg9OBeKbgxoIcX8A==</ds:SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></KeyInfo></ds:Signature><Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="_3f252929-9642-4730-ac1a-31c1365f8c06" NotOnOrAfter="2023-03-08T15:56:04.066Z" Recipient="https://redacted/SAMLAuth/SAML/AssertionConsumerService" /></SubjectConfirmation></Subject><Conditions NotBefore="2023-03-08T15:51:04.063Z" 
NotOnOrAfter="2023-03-08T16:51:04.063Z"><AudienceRestriction><Audience>https://redacted/SAMLAuth</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="Nameid"><AttributeValue>[email protected]</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2023-03-08T15:51:04.017Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>
2023-03-08 15:51:04.433 +00:00 [DBG] Signature certificate subject: CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US, serial number: 017A6F52A713044239E08846ECE6FC1A
2023-03-08 15:51:04.525 +00:00 [DBG] XML signature verified: False
2023-03-08 15:51:04.526 +00:00 [DBG] Signature embedded certificate subject: CN=ADFS Signing - redacted, serial number: 1829397769064C99479B87A068D48823
2023-03-08 15:51:04.526 +00:00 [ERR] Receiving an SSO response from a partner identity provider has failed.
ComponentSpace.Saml2.Exceptions.SamlSignatureException: The SAML assertion signature failed to verify.

 at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem)
 at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
 at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
 at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
2023-03-08 15:51:04.558 +00:00 [ERR] Connection id "0HMOVTJFBC5QU", Request id "0HMOVTJFBC5QU:00000002": An unhandled exception was thrown by the application.
ComponentSpace.Saml2.Exceptions.SamlSignatureException: The SAML assertion signature failed to verify.
 at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlAssertionSignatureAsync(AssertionListItem assertionListItem)
 at ComponentSpace.Saml2.SamlServiceProvider.GetSamlAssertionAsync(SamlResponse samlResponse)
 at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement, String relayState)
 at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
 at ExampleWebApi.Controllers.SamlController.AssertionConsumerService() in D:\Jenkins\workspace\software\softwareSSOAuthAPIs\SAMLAuth\SAMLWebApi\Controllers\SamlController.cs:line 41
 at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
 at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
 at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
 at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
 at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
 at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
 at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextResourceFilter()
 at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Rethrow(ResourceExecutedContext context)
 at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
 at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
 at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
 at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
 at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
 at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
 at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore(HttpContext context)
 at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
 at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.Invoke(HttpContext httpContext)
 at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context)
 at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)


ComponentSpace
The wrong partner certificate (ADFS.cer) has been configured. You should use the certificate with serial number 1829397769064C99479B87A068D48823.

If there's still an issue, please send the SAML log file as an email attachment to [email protected]

Regards
ComponentSpace Development
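
The check behind the answer above, as an added example (not part of the original thread and not ComponentSpace code): it scans a SAML log in the format shown in the question for each assertion signature verification and compares the serial number of the configured partner certificate with the one embedded in the signature. The message formats are copied from the log in the question; the function name `diagnose` and the verdict strings are assumptions made for this example.

```python
import re

# Constructed sample: the relevant lines copied from the SAML log in the question.
SAMPLE_LOG = """\
2023-03-08 15:51:04.424 +00:00 [DBG] The X.509 certificate with subject name CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US and serial number 017A6F52A713044239E08846ECE6FC1A has been loaded.
2023-03-08 15:51:04.433 +00:00 [DBG] Signature certificate subject: CN=*.redacted.com, O=SomeCompany, L=SomeCity, S=SomeState, C=US, serial number: 017A6F52A713044239E08846ECE6FC1A
2023-03-08 15:51:04.525 +00:00 [DBG] XML signature verified: False
2023-03-08 15:51:04.526 +00:00 [DBG] Signature embedded certificate subject: CN=ADFS Signing - redacted, serial number: 1829397769064C99479B87A068D48823
"""

# Certificate the service provider was configured to verify with (PartnerCertificates).
CONFIGURED = re.compile(
    r"\] Signature certificate subject: (?P<subject>.+), "
    r"serial number: (?P<serial>[0-9A-Fa-f]+)\s*$")
# Certificate the identity provider placed in the signature's KeyInfo element.
EMBEDDED = re.compile(
    r"\] Signature embedded certificate subject: (?P<subject>.+), "
    r"serial number: (?P<serial>[0-9A-Fa-f]+)\s*$")
VERIFIED = re.compile(r"\] XML signature verified: (?P<result>True|False)\s*$")


def _norm(serial):
    """Compare serials case-insensitively and without leading zero padding."""
    return serial.upper().lstrip("0")


def _verdict(attempt):
    if attempt["verified"] is None:
        return "incomplete"
    if attempt["verified"]:
        return "ok"
    if attempt["embedded"] is None:
        return "failed-no-embedded-certificate"
    if _norm(attempt["embedded"]["serial"]) != _norm(attempt["configured"]["serial"]):
        # The case in this thread: the IdP signed with a different certificate
        # than the one configured as the partner certificate.
        return "wrong-partner-certificate"
    # Same certificate but the signature is still invalid: the XML was
    # altered after signing, or the key pair behind the certificate differs.
    return "failed-with-matching-certificate"


def diagnose(log_text):
    """Return one record per signature verification attempt found in the log."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = CONFIGURED.search(line)
        if m:  # a new verification attempt starts here
            current = {"configured": m.groupdict(), "embedded": None, "verified": None}
            attempts.append(current)
            continue
        if current is None:
            continue
        m = VERIFIED.search(line)
        if m:
            current["verified"] = m.group("result") == "True"
            continue
        m = EMBEDDED.search(line)
        if m:
            current["embedded"] = m.groupdict()
    for attempt in attempts:
        attempt["verdict"] = _verdict(attempt)
    return attempts


if __name__ == "__main__":
    for a in diagnose(SAMPLE_LOG):
        print(a["verdict"])
        print("  configured:", a["configured"]["serial"], a["configured"]["subject"])
        if a["embedded"]:
            print("  embedded:  ", a["embedded"]["serial"], a["embedded"]["subject"])
```

The embedded certificate arrives inside the SAML response itself, so it only identifies which certificate the sender used. The replacement partner certificate should be exported from the ADFS server's token-signing certificate and its serial number compared with the one reported here, not copied out of the response.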