0 Replies Latest reply: May 4, 2011 9:09 AM by 859539

    SAML2 federation Opensso - Siteminder

    859539
      Hi all,
      I'm trying to set up a proof of concept of a federation with an OpenSSO IdP and a SiteMinder SP.

      I've created a COT, then a hosted IdP with the OpenSSO admin console, and I've registered a service provider by importing the metadata below:


      <?xml version="1.0" encoding="UTF8" standalone="yes"?>
      <EntityDescriptor entityID="SP.sm.it" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
      <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
      <ds:X509Certificate>
      MIIDGDCCAtagAwIBAgIETbaTTzALBgcqhkjOOAQDBQAwbzELMAkGA1UEBhMCaXQx
      CzAJBgNVBAgTAml0MQswCQYDVQQHEwJpdDEQMA4GA1UEChMHemVyb3BpdTEOMAwG
      A1UECxMFZGV2ZWwxJDAiBgNVBAMTG2RlbW9zZWNzc28uZGV2ZWwuemVyb3BpdS5p
      dDAeFw0xMTA0MjYwOTQxMzVaFw0xMTA3MjUwOTQxMzVaMG8xCzAJBgNVBAYTAml0
      MQswCQYDVQQIEwJpdDELMAkGA1UEBxMCaXQxEDAOBgNVBAoTB3plcm9waXUxDjAM
      BgNVBAsTBWRldmVsMSQwIgYDVQQDExtkZW1vc2Vjc3NvLmRldmVsLnplcm9waXUu
      aXQwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8
      70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWk
      n5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
      Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8
      q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fP
      CTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD
      3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhQACgYEAhReSfgf9aHnlFJJiynwFDnQ3
      y6JpsZYFYfD4/KwcY2mLuzsDxOxlRR2yqZhPA2D1YUSwPFzFcg4ZOYvCDX6qiVYO
      4CXsXc174QsATEh7C5DXYPCL+FiE8yQno8/p0LIphFZBPc8XnpaWUd3mAx0/87Kh
      02n58jgS90ttLlDoyOwwCwYHKoZIzjgEAwUAAy8AMCwCFB0KS8NMrYIarG5we4n0
      5o/qPp8eAhQGZxS14pmdSfs7nGfdY187pCnsrw==
      </ds:X509Certificate>
      </ds:X509Data>
      </ds:KeyInfo>
      </KeyDescriptor>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTPRedirect" Location="http://zpvm-03081040.IAMFVC.local/affwebservices/public/saml2slo" ResponseLocation=""/>
      <AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTPArtifact" Location="http://zpvm-03081040.IAMFVC.local/affwebservices/public/saml2assertionconsumer"/>
      </SPSSODescriptor>
      </EntityDescriptor>


      I've created an HTML page that I have protected with OpenSSO. Once I'm logged in, I have a link to request the federation:
      "http://demosecsso.devel.zeropiu.it:8080/opensso/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=SP.sm.it"

      As soon as I click on that link I have this warning:
      HTTP Status 400 - Error processing AuthnRequest. Requested binding not supported.

      --------------------------------------------------------------------------------

      type Status report

      message Error processing AuthnRequest. Requested binding not supported.

      description The request sent by the client was syntactically incorrect (Error processing AuthnRequest. Requested binding not supported.).


      --------------------------------------------------------------------------------

      Do you have any idea what I can do? I actually don't know where I can look to figure out the problem.

      Thank you,
      Ivan
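
An added example, not part of the original post: a Python check that compares each endpoint's Binding attribute in SP metadata with the binding URIs defined by the SAML 2.0 Bindings specification, and also reports unsigned-message flags and endpoints that are empty or not HTTPS. The sample input is constructed from the descriptor in the post with the KeyDescriptor omitted; the function name and severity labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Binding URIs defined by the SAML 2.0 Bindings specification.
KNOWN_BINDINGS = {PREFIX + b for b in
                  ("HTTP-Redirect", "HTTP-POST", "HTTP-Artifact", "SOAP", "PAOS", "URI")}

# Constructed sample: the SP descriptor from the post, certificate omitted.
SAMPLE = """<EntityDescriptor entityID="SP.sm.it" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTPRedirect" Location="http://zpvm-03081040.IAMFVC.local/affwebservices/public/saml2slo" ResponseLocation=""/>
<AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTPArtifact" Location="http://zpvm-03081040.IAMFVC.local/affwebservices/public/saml2assertionconsumer"/>
</SPSSODescriptor>
</EntityDescriptor>"""


def check_sp_metadata(xml_text):
    """Return a list of (severity, element, message) findings for SP metadata."""
    findings = []
    root = ET.fromstring(xml_text)
    for sp in root.iter("{%s}SPSSODescriptor" % MD):
        for flag in ("AuthnRequestsSigned", "WantAssertionsSigned"):
            if sp.get(flag, "false").strip().lower() not in ("true", "1"):
                findings.append(("warn", "SPSSODescriptor", flag + " is not true"))
        for ep in sp:
            name = ep.tag.split("}")[-1]
            binding = ep.get("Binding")
            if binding is None:
                continue  # not an endpoint element (e.g. KeyDescriptor)
            if binding not in KNOWN_BINDINGS:
                findings.append(("error", name, "unknown binding URI: " + binding))
            for attr in ("Location", "ResponseLocation"):
                url = ep.get(attr)
                if url is None:
                    continue
                if url == "":
                    findings.append(("warn", name, attr + " is empty"))
                elif not url.lower().startswith("https://"):
                    findings.append(("warn", name, attr + " is not HTTPS: " + url))
    return findings


if __name__ == "__main__":
    for severity, element, message in check_sp_metadata(SAMPLE):
        print("%-5s %-26s %s" % (severity, element, message))
```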