SAML 1.1 Integration with Vertex using Novell Access Manager 3.1

0 Likes
over 10 years ago

Authors:
Alan Weber – Integrys Energy Group, Inc.
Neil Cashell – Novell Technical Services

Introduction:

The goal of Identity Federation is to enable users of one trusted business partner to securely and seamlessly access resources/systems of another business partner based on the business and technical agreements in a trustworthy manner. Identity Federation enables Single Sign-On, Access Control and Single Sign-Off provisioning for users and links users' identities.

This document helps the user to Configure a Novell Access Manager 3.1 SAML 1.1 Identity provider so that it integrates seamlessly with a Vertex SAML 1.1 Service Provider using the Intersite transfer URL. Vertex is a business partner that we work with on a specific energy-related application – like most SAML 1.1 Service Providers, it consumes a SAML assertion generated by a trusted Identity Provider (Novell Access Manager) to determine single sign on and authorize users.

Although the approach is similar to the solution described for Access Manager 3.0 in the SAML / NAM / Concur Integration document, the newer version of Access Manager simplifies the configuration, especially in terms of sending the users NameIdentifier in the Authentication Response.

Configuration of SAML 1.1 Implementation at Integrys

To configure SAML 1.1, you must first log into Access Manager. The admin server URL is https://dob-amap1:8443/nps/. Log in with your Access Manager credentials.

Click to view.

Once logged in, click the link for Identity Servers, and select the pool. In this example, the pool is named PIDSCL1.

Click to view.

On the IDP Cluster configuration page, click the SAML 1.1 link

Click to view.

To create a new Service Provider, click "New", and select Service Provider

Click to view.

Name your Service Provider.

When integrating with Vertex, you must select "Metadata Text", since they do not use Access Manager and cannot provide a Metadata URL.

The Metadata provided is unique to the environment you’re connecting to, and must have a few necessary components.
Enter the Metadata and click Next

*See Appendix 1 for Vertex’s Metadata.

Click to view.

Verify that the Certificate information is correct.

Click Finish.

Click to view.

Add trusted root cert for signing cert to the NIDP-Trusstore. This is a requirement for the Vertex SAML 1.1 Service Provider to load correctly on the Identity Server.

Click to view.

Once you’ve created the Service Provider, you must now choose which attributes you want to send with the SAML assertion. Click the Service Provider you just created.

Click to view.

Click the Attributes link, and select Attribute Set.

If the one you need doesn’t exist, click <New Attribute Set>

Click to view.

Name your attribute set, and click <None> for template

Click to view.

Click New and select the attributes you’d like to map.

For Vertex, we map the attributes:

WPSRTWAECISnumber
WPSRTWARole
cn

NOTE: If the attribute mappings are not showing up, go to Identity Servers > Shared Settings and create mappings. See Novell Documentation for more info.

Click to view.

Once you’ve created your attribute set, select it and choose the attributes you’d like to send with authentication.

Click to view.

Next, click Authentication Response and set the

  • NameIdentifier format to be unspecified and set the value to be the LDAP cn
  • Assertion Validity period to 7200. This allows SAML sessions to be valid for 2 hours on the Vertex SP.

These settings were requested by Vertex

Click to view.

You may choose to set up an Intersite Transfer Service to simplify your SAML Assertion link. We can’t use it in our environment, but to do this, enter an ID, and the target URL from the Metadata (hint: look for Location=)

Click OK and update your Identity Servers and Access gateways (if required)

You should now be done.

To use your new SAML 1.1 implementation, use the following links

With Intersite Transfer Service:

This uses the ID you created for the Intersite Transfer Service. You cannot add any attributes to the end of this URL, which is why we cannot use it.
https://ids.integrysgroup.com:8443/nidp/saml/idpsend?id=Vertex

Using Intersite Transfer URL without the identifier:

When no identifier is passed to the idpsend service, we need to pass the PID and Target instead. The PID is simply the 'entityID' string from the SP metadata that we imported into the Identity Server SAML setup, and the target is the destination URL that we want to go to.

     PID = entityID

     Target = Location

You can also add attributes to the end of these links. Note how Integrys adds "site=mer" or "site=mgu" to the end of our target URL. This allows the SP to do some additional processing based on the parameter passed to it.

https://ids.integrysgroup.com/nidp/saml/idpsend?PID=https://twa.utilitiesbp.com/SAML2&TARGET=https://twa.utilitiesbp.com/saml.do?site=mgu

https://ids.integrysgroup.com/nidp/saml/idpsend?PID=https://twa.utilitiesbp.com/SAML2&TARGET=https://twa.utilitiesbp.com/saml.do?site=mer

Appendix 1 – Vertex Metadata

Vertex Metadata. Copy into Notepad for proper formatting. Note that the Certificate entry is not really required as we are using the intersite transfer URL approach and the SP never generates a SAML Authnetication request to the Identity server that could be signed with this certificate.

<md:EntityDescriptor
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="https://twa.utilitiesbp.com/SAML2">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:0.1:protocol
urn:oasis:names:tc:SAML:1.1:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>twa.utilitiesbp.com</ds:KeyName>
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> MIIE9DCCA9ygAwIBAgIETBpFwzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UE BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l bnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEf MB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50 cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA1MDIx ODU5MjhaFw0xMzA3MDMwNDI3NTdaMIGaMQswCQYDVQQGEwJVUzEOMAwGA1UE CBMFVGV4YXMxEzARBgNVBAcTClJpY2hhcmRzb24xITAfBgNVBAoTGFZlcnRl eCBCdXNpbmVzcyBTZXJ2aWNlczElMCMGA1UECxMcSW5mb3JtYXRpb24gU3lz dGVtcyBTZWN1cml0eTEcMBoGA1UEAxMTdHdhLnV0aWxpdGllc2JwLmNvbTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZm5U/YrxCEePLvi nD q2n1pavsOmLnkxjgr0yqo1xCzrvCNMVCPcAzzPBfakWCpay7qcr/XLV5rJEG eq29T8Gz8XoFB9/wdq3ZKxK/prV4oW T8fel9Hlnme4XeEN2nh9mLh8TlLPt KFWObI0k6vQ2Kpy6ezrXXaRx6SMItmCz3CYoSEq9OA79IfIzar9CrC7GoQNs MnnEXlah1pA 4Mcz1H h7NUVPzP27IBbdoGD5YkLragzU0r7J5VUdh70 VwB /rX9pGXogZp20zOSMw0UnujOdgnPhC4LTLf wRuqEJmetrbOxUj/x4LV3RUw v3fWeSVDAZ2gMxe50VH2O5ECAwEAAaOCAScwggEjMAsGA1UdDwQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0fBCwwKjAooCag JIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFjLmNybDAzBggrBgEF BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0 MEAGA1UdIAQ5MDcwNQYJKoZIhvZ9B0sCMCgwJgYIKwYBBQUHAgEWGmh0dHA6 Ly93d3cuZW50cnVzdC5uZXQvcnBhMB8GA1UdIwQYMBaAFB7xq4kG EkPATN3 7hR67hl8kyhNMB0GA1UdDgQWBBT/5wcC3TAejp 3OmYv/7QjS29GgjAJBgNV HRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQB2neGhzzgOgv7novQfZkDxk0U7 1jJ7HZFgZgEx/0U34IXjOM4x2IeaRIRpQidRmEvlTSTVUlamm5IEtT4FIZom VtSZGbh7gCqMLC76iDPGqc3ZoM1VpvkQWpbehtvI5vxlwtg4x/j2oFe7j/rK DdH/9Mex h0snCGk23WSDrjZ9Z6B3 2RGZ33ek7cGbrinLOGvIi/k5e44Kif Q/qzsCAMqCHG6OfeAJr/NU0yck8DjQ99/NX8kZ7mvuufCS/BH0jastdC8h5N 0VIqcigiqz2VeoaBH7VD77QMvXrb6wsyUyiNqlRIlFwXtBJ179lLLdy8THHa sLIX T39S OEMawL
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://twa.utilitiesbp.com/saml.do" index="0"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>

Appendix 2 – Sample Assertion based on our configuration

  1. Note the Authentication Statement includes the users CN (AWEBER) in the Subject NameIdentifier sections with the unspecified format (as defined in the Authentication Response UI field above)
  • Note the Attribute Statement includes the three attributes configured in the 'send with authentication' Attribute UI field above, and required by the SP.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2011-08-22T16:27:06Z" MajorVersion="1" MinorVersion="1" Recipient="https://twa.utilitiesbp.com/SAML2" ResponseID="idBd5V6Z6streMSo7VtTAbd02TyC4"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#idBd5V6Z6streMSo7VtTAbd02TyC4"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">7odfnLwMKVNff1LvN1OdSMogPeQ=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
JzDlcLfqXEBX749BS7imw4d98PgU2J7RgFFQ XT3Wpr 7rE pdN074pi9DREfwQ7todPvBmPaQ6f
IdgT 3sni540nIWLzfJoCF1aO9GVUrtov93GAQkno4lMEH4BM5L5dG44dn3In1qfz651LgdOJmHd
KQlGgLCtQ5wp622QoG/fGTdK2EzXaUeljweVnOggiKI2Qc85AChLkW4gp8oMnNFojjhlIkwP4DBF
TchGXIcIPdytzHQgAC50uhKiqc32sI3weHtUMweiYF7Fip5SaDRoDwR6RvfwY6XUJqHOZgC1kQa
shHa8E6lat6Cyi7PK29lk5ZvbUbnJ9n3PR1C2Q==
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIFKTCCBBGgAwIBAgIkAhwR/6UpfOR12tND14KglLl6lwmgZUJPabz1NSLpAgICMXqOMA0GCSqG
SIb3DQEBBQUAMDUxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENBMRcwFQYDVQQKFA5ET0JfQU1B
UDFfdHJlZTAeFw0xMDA3MjExOTQzMDZaFw0xMjA3MjExOTQzMDZaMEAxFTATBgNVBAMTDHRlc3Qt
c2lnbmluZzEWMBQGA1UECxMNYWNjZXNzTWFuYWdlcjEPMA0GA1UEChMGbm92ZWxsMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzXZM9iq4TovAODD38DPcWWi6WnjpSWfMPuAhPGovqeB
d943 4Mtl5sumVlBiZ5gduf6lje1gdofaeEGUHfxB85NnRWwGSlU9YcJcDUk1U7pEd lcAmv8ax
ajY5dnrfV5ShdVnTpNwZTE6Rb4TQ5sowYZbZvTebZjjBIVjlhJ9mKlYbomkPC4qroKLUWY B0zPY
k9RD5PRRCVF6Dg93Td5ZBNzOZ5PqVYIuy5A24dQtpRCRN7m/JUn1pAuqIdDWvpAFOyWZoeJhtBrG
5TABLpKRU8MQI0izb7KdmT5t7ocECXmdt 8CCLLOapg0rjYyuzYzx67kuTWt06r5N3w9iQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJxc 5vVttmxai1REoIOaeaD6KtSMB8GA1UdIwQYMBaAFJA2K98X
gUno3HU172FdovqJM6/8MIIBzAYLYIZIAYb4NwEJBAEEggG7MIIBtwQCAQABAf8THU5vdmVsbCBT
ZWN1cml0eSBBdHRyaWJ1dGUodG0pFkNodHRwOi8vZGV2ZWxvcGVyLm5vdmVsbC5jb20vcmVwb3Np
dG9yeS9hdHRyaWJ1dGVzL2NlcnRhdHRyc192MTAuaHRtMIIBSKAaAQEAMAgwBgIBAQIBRjAIMAYC
AQECAQoCAWmhGgEBADAIMAYCAQECAQAwCDAGAgEBAgEAAgEAogYCARcBAf jggEEoFgCAQICAgD/
AgEAAw0AgAAAAAAAAAAAAAAAAwkAgAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDfSDAY
MBACAQACCH//////////AQEAAgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkAQAAA
AAAAAAAwGDAQAgEAAgh//////////wEBAAIEEf lKTAYMBACAQACCH//////////AQEAAgQR/6Up
ok4wTAIBAgIBAAICAP8DDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADASMBACAQACCH//////////
AQEAMBIwEAIBAAIIf/////////8BAQAwDQYJKoZIhvcNAQEFBQADggEBABxNc7zqYirc/zxWHeT8
LZvxFzu0uMAWfY8HLpjvb61ekS4NnDc/dx2ZtOQOJJGJPZvP85YU6yj71ecEnGqzjVlHqlV 4iC8
/YPlFA wIKLe0aKxhSDnMwN7gqVlab/gxxWNgRzfiY9I XmwzVy6JpfWaGM9XcqSGkIY9ddc1f9e
kbDn3MH6iVl UsKreifJ0qlG/ERvVFVXOWz3P0x3JBfnt9rxmy8O5uu0SPKgyzHBwcylECWw5WYv
0TfUTMdXdKjSj6POyvpPQZ9kUX10qxlm2wK6bZCQGdpYJwvHDhIn/Z2QLwf5fbZF6FcXQ7yezhPK
DHDphwGwajkO0q CWv8=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
<saml:Assertion AssertionID="id8WpvY1BeYhq5FY7GnY-aHWeWA3Y" IssueInstant="2011-08-22T16:27:06Z" Issuer="https://ids.integrysgroup.com/nidp/saml/metadata" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2011-08-22T14:27:06Z" NotOnOrAfter="2011-08-22T18:27:06Z"/><saml:AuthenticationStatement AuthenticationInstant="2011-08-22T16:27:06Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AWEBER</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AWEBER</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="UserID" AttributeNamespace="alliance:attributes"><saml:AttributeValue>AWEBER</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="EISnumber" AttributeNamespace="alliance:attributes"><saml:AttributeValue>CEI</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="Role" AttributeNamespace="alliance:attributes"><saml:AttributeValue>BROKER</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id8WpvY1BeYhq5FY7GnY-aHWeWA3Y"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">KCX1ESSgB5xcYFfciPzG0rYaMko=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
XwTW1S/Gmx8c6W42l6wplc99RX0tVottWl/T09MIqL68ii6 UoBmxTAs8Z euOqtrGFgSAdTc P7
twZPPUT0o8sQc9Ejrs72yNfvYOdSJwQXCW0wwUkbIzp G4vWaGGqbmwhyLabfsNKb4QmJE46HHO4
zGv3n/d55nG hYgAWClqOYAtJfBra/OL9WfI/pE9LyAdI1VTIOcRtG28Te9YRO5ixywzYjPrmZ5t
HmLnTOt4hnvTk8/MYXWlVi8SaMaTqva9QqTkmi4kYNo8fAD34OSqKFVDLzjT6B53Pc4cCjGMdgMy
rm87QanG/iWsfYUPRMNaTaN nx2JD8YF/lwWKg==
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIFKTCCBBGgAwIBAgIkAhwR/6UpfOR12tND14KglLl6lwmgZUJPabz1NSLpAgICMXqOMA0GCSqG
SIb3DQEBBQUAMDUxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENBMRcwFQYDVQQKFA5ET0JfQU1B
UDFfdHJlZTAeFw0xMDA3MjExOTQzMDZaFw0xMjA3MjExOTQzMDZaMEAxFTATBgNVBAMTDHRlc3Qt
c2lnbmluZzEWMBQGA1UECxMNYWNjZXNzTWFuYWdlcjEPMA0GA1UEChMGbm92ZWxsMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzXZM9iq4TovAODD38DPcWWi6WnjpSWfMPuAhPGovqeB
d943 4Mtl5sumVlBiZ5gduf6lje1gdofaeEGUHfxB85NnRWwGSlU9YcJcDUk1U7pEd lcAmv8ax
ajY5dnrfV5ShdVnTpNwZTE6Rb4TQ5sowYZbZvTebZjjBIVjlhJ9mKlYbomkPC4qroKLUWY B0zPY
k9RD5PRRCVF6Dg93Td5ZBNzOZ5PqVYIuy5A24dQtpRCRN7m/JUn1pAuqIdDWvpAFOyWZoeJhtBrG
5TABLpKRU8MQI0izb7KdmT5t7ocECXmdt 8CCLLOapg0rjYyuzYzx67kuTWt06r5N3w9iQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJxc 5vVttmxai1REoIOaeaD6KtSMB8GA1UdIwQYMBaAFJA2K98X
gUno3HU172FdovqJM6/8MIIBzAYLYIZIAYb4NwEJBAEEggG7MIIBtwQCAQABAf8THU5vdmVsbCBT
ZWN1cml0eSBBdHRyaWJ1dGUodG0pFkNodHRwOi8vZGV2ZWxvcGVyLm5vdmVsbC5jb20vcmVwb3Np
dG9yeS9hdHRyaWJ1dGVzL2NlcnRhdHRyc192MTAuaHRtMIIBSKAaAQEAMAgwBgIBAQIBRjAIMAYC
AQECAQoCAWmhGgEBADAIMAYCAQECAQAwCDAGAgEBAgEAAgEAogYCARcBAf jggEEoFgCAQICAgD/
AgEAAw0AgAAAAAAAAAAAAAAAAwkAgAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDfSDAY
MBACAQACCH//////////AQEAAgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkAQAAA
AAAAAAAwGDAQAgEAAgh//////////wEBAAIEEf lKTAYMBACAQACCH//////////AQEAAgQR/6Up
ok4wTAIBAgIBAAICAP8DDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADASMBACAQACCH//////////
AQEAMBIwEAIBAAIIf/////////8BAQAwDQYJKoZIhvcNAQEFBQADggEBABxNc7zqYirc/zxWHeT8
LZvxFzu0uMAWfY8HLpjvb61ekS4NnDc/dx2ZtOQOJJGJPZvP85YU6yj71ecEnGqzjVlHqlV 4iC8
/YPlFA wIKLe0aKxhSDnMwN7gqVlab/gxxWNgRzfiY9I XmwzVy6JpfWaGM9XcqSGkIY9ddc1f9e
kbDn3MH6iVl UsKreifJ0qlG/ERvVFVXOWz3P0x3JBfnt9rxmy8O5uu0SPKgyzHBwcylECWw5WYv
0TfUTMdXdKjSj6POyvpPQZ9kUX10qxlm2wK6bZCQGdpYJwvHDhIn/Z2QLwf5fbZF6FcXQ7yezhPK
DHDphwGwajkO0q CWv8=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</saml:Assertion>
</samlp:Response>

Labels:

How To-Best Practice
Comment List
Anonymous
Related Discussions
Recommended