salesForce上有效SAML2.0断言的invalid_grant错误
[英]invalid_grant error with valid SAML2.0 assertion on SalesForce
问题描述
I'm tried to implement SSO for SalesForce using OpenSAML. 
我试图使用OpenSAML为SalesForce实现SSO。 My code generates valid SAML assertion, which validated by salesforce SAML validator. 我的代码生成有效的SAML断言,该断言由salesforce SAML验证器验证。 But when I tried to send assertion to salesforce I always got this error: 但是当我尝试向salesforce发送断言时,我总是遇到这个错误:
{"error_uri":"https://na4.salesforce.comnull/setup/secur/SAMLValidationPage.apexp","error":"invalid_grant","error_description":"invalid assertion"}
I using folloving code to send request to salesforce: 我使用folloving代码向salesforce发送请求:
SAMLResponseGenerator responseGenerator = new SalesforceSAMLResponseGenerator(container, strIssuer, strNameID, strNameQualifier, sessionId);
String samlAssertion = Base64.encodeBase64String(responseGenerator.generateSAMLAssertionString());
try {
HttpClient httpClient = createHttpClient();
HttpPost httpPost = new HttpPost("https://login.salesforce.com/services/oauth2/token");
MultipartEntity entity = new MultipartEntity(HttpMultipartMode.BROWSER_COMPATIBLE);
entity.addPart("grant_type", new StringBody("assertion"));
entity.addPart("assertion_type", new StringBody("urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser"));
entity.addPart("assertion", new StringBody(samlAssertion));
httpPost.setEntity(entity);
HttpResponse httpResponse = httpClient.execute(httpPost);
// Get the response
BufferedReader rd = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent()));
StringBuffer buffer = new StringBuffer();
String line = null;
while ((line = rd.readLine()) != null) {
buffer.append(line);
buffer.append("\n");
}
rd.close();
httpClient.getConnectionManager().shutdown();
System.out.println(buffer.toString());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
My generator generated valid SAML (If I can trust salesforce SAML validator results). 我的生成器生成了有效的SAML(如果我可以信任salesforce SAML验证器结果)。 Seems that salesforce can't decode assertion, because when I sent random data instead of samlAssertion I've recieved same error message. 似乎salesforce无法解码断言,因为当我发送随机数据而不是samlAssertion时,我收到了相同的错误消息。
I also tried to use Base64.encodeBase64URLSafeString() to encode but without positive results. 我还尝试使用Base64.encodeBase64URLSafeString()进行编码但没有正面结果。
Can anyone help me with this issue? 任何人都可以帮我解决这个问题吗?
1 个解决方案
解决方案1
2 已采纳 2012-09-06 10:50:15
Solution of my problem was very simple. 解决我的问题非常简单。 Do not trust SalesForce's documents, trust only protocol specs :) According to specs I needs to send Base64 encoded SAML in SAMLResponse parameter. 不要相信SalesForce的文档,只信任协议规范 :)根据规范,我需要在SAMLResponse参数中发送Base64编码的SAML。 That is all. 就这些。
I've using following code illustrated the solution: 我使用以下代码说明了解决方案:
HttpClient httpClient = initHttpClient();
HttpPost httpPost = new HttpPost("https://login.salesforce.com/");
MultipartEntity entity = new MultipartEntity(HttpMultipartMode.STRICT);
entity.addPart("SAMLResponse", new StringBody(Base64.encodeBase64String(samlAssertion)));
httpPost.setEntity(entity);
HttpResponse httpResponse = httpClient.execute(httpPost);
Header location = httpResponse.getFirstHeader("Location");
if (null != location) {
System.out.println(location.getValue());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.