
ADFS 2.0 Tracing: "No Issuer element found in SAML message"

I've got the error: MSIS1022: Cannot process SAML Response from ''. Inner exception: MSIS0025: No Issuer element found in SAML message.
Following is the SAMLResponse XML submitted from the IDP, where Issuer exists of course. Please suggest what I'm doing wrong.
Thanks!
<samlp:Response ID="mbjjjdhkikbiacblobacnfbfbnhhkjbgamcncnfe" IssueInstant="2010-11-25T13:46:06Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>uqgjqgTOIbTHzIDACq33G+GKUYQ=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>aPZ3d+Oro91OqwUlwEGt2CcDmWGbsAMwHongwCChlC0FXOgQMsh7bSG/h/9TvFJQPYMDwEXOAhTgb9E4CHFphKfQTU13cMpRC4n6NKdx1NaHS9Zb3pPSYcMX5HbqBOexYYPzWPotn7uGFoX2nKHdP6ww9TzWtiVfYIwGwt6g58gwDLPg/tqaH+jip9VHHzheyp3dupXdDQUu8kXj2QAynZ6jX3U7eUdCBCtoxcofoSwT+ZIePDvn/A0hmOOibf6VrDjDhGL4J8P60bIt3HWvZeOn3kksHk2Fdvno8w6A1iBLjHrDvNxPik89g3SOrMaiL07wEY2niSgERVMqHgdKPg==</SignatureValue>
    <KeyInfo><KeyValue><RSAKeyValue><Modulus>4d8sibR5cmqqMNsgzQEuJ2cpUMRevxi/YRv92Uz1MIN4LA+gZLivf7z/+VjibcVnUDYgbTI8SNZ6X5l9wfEcHcUTUxnJ6zLKXGsTVESldEypfBSmicneVVHd36+xh0jhNp4cklMai0AG1KlM16/qhY9T58ehAUtOYnfviok4OYmjUZsaXRFLwllC7kiRXQD5Vj8rDMz/VP3iA+OMaqrtEo1iUrEks9ahJyWkztNZUXjsW0G0k3h6gmJ+f8IicuBDZogPMpEmQ1xRnI36HmBaPZsHleIpV3Swn2HrrduCAIUIqVCr872sQMuckX6fRbWQizPzeJeWOxmPaaXnMgjfIw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo>
  </Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <Assertion ID="ddfpljiefpheflbdliaepaonigojelndknhacijk" IssueInstant="2003-04-17T00:46:02Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://localhost/idptest</Issuer>
    <Subject>
      <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">administrator</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData Recipient="https://utp2008r2-3.yoashsso.com/adfs/ls/" NotOnOrAfter="2010-11-25T13:56:06Z"/>
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2010-11-25T13:41:06Z" NotOnOrAfter="2010-11-25T13:56:06Z">
      <AudienceRestriction><Audience>http://utp2008r2-3.yoashsso.com/adfs/services/trust</Audience></AudienceRestriction>
    </Conditions>
    <AuthnStatement AuthnInstant="2010-11-25T13:46:06Z">
      <AuthnContext>
        <AuthnContextClassRef>
          urn:oasis:names:tc:SAML:2.0:ac:classes:Password
        </AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
 

3 Answers Found

 

Answer 1

Can anyone help?
 

Answer 2

Thanks for your reply Paul.

 

This IDP works great with Google Apps and Force.com, if that's worth anything... I wish there were a validator tool coming with ADFS 2.0, similar to the one in Force.com, to help resolve such issues. The ADFS event log is very poor, giving no info on where exactly the problem is...

 

Thanks anyway.

 

Answer 3

:-) In your case it does not look like an XML error. ADFS2 is extremely explicit. It complains about the missing "Issuer" element (in the samlp:Response).

:-) Who wrote this IdP?
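
Added example, not part of the original thread and not ADFS code: a small Python check that reports whether Issuer is a direct child of samlp:Response or only nested inside Assertion, which is the distinction Answer 3 points at. The function name issuer_report and the sample documents are constructed for illustration; the samples keep only the shape of the posted message.

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def issuer_report(xml_text):
    """Report where Issuer appears in a captured SAML 2.0 Response.

    Diagnostic only: it validates no signature, and stdlib ElementTree is
    not a hardened parser, so feed it messages you captured yourself.
    """
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "Response":
        raise ValueError("root element is not samlp:Response")
    # find() with a bare tag matches direct children only, so an Issuer
    # nested inside Assertion does not count as the Response's own Issuer.
    resp_issuer = root.find(SAML + "Issuer")
    problems = []
    if resp_issuer is None:
        # The Web Browser SSO profile requires Issuer on a signed Response.
        signed = root.find(DSIG + "Signature") is not None
        problems.append(("signed " if signed else "") + "samlp:Response has no Issuer child")
    elif root[0].tag != SAML + "Issuer":
        # Schema order for a Response: Issuer, Signature, Extensions, Status.
        problems.append("Issuer is not the first child of samlp:Response")
    return {
        "response_issuer": None if resp_issuer is None else (resp_issuer.text or "").strip(),
        "assertion_issuers": [(a.findtext(SAML + "Issuer") or "").strip()
                              for a in root.findall(SAML + "Assertion")],
        "problems": problems,
    }

# Constructed samples shaped like the message in the question (signature emptied).
OPEN = ('<samlp:Response ID="r1" IssueInstant="2010-11-25T13:46:06Z" Version="2.0" '
        'xmlns="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">')
ISSUER = "<Issuer>http://localhost/idptest</Issuer>"
SIGNATURE = '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"/>'
REST = ('<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
        '</samlp:Status><Assertion ID="a1" IssueInstant="2010-11-25T13:46:06Z" Version="2.0">'
        + ISSUER + "</Assertion></samlp:Response>")
AS_POSTED = OPEN + SIGNATURE + REST              # Issuer only inside Assertion
WITH_ISSUER = OPEN + ISSUER + SIGNATURE + REST   # Issuer first on the Response
MISORDERED = OPEN + SIGNATURE + ISSUER + REST    # Issuer after Signature

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("with Issuer", WITH_ISSUER), ("misordered", MISORDERED)):
        print(name, "->", issuer_report(doc))
```

Adding Issuer to an already signed Response changes the signed content, so the IdP has to emit the element before it computes the enveloped signature.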

 
 
 
