OIF SAML 2.0 verification issue

Similar Messages

• App verification issue

  Hello
  I am new to forums and iphones. I have downloaded a few apps and have had no problems. However I have recently had an issue with the Tesco Ireland app.
  When downloaded, I can start the app. The Tesco splash screen appears for a second or two, Then I get a red screen saying:
  VERIFICATION ISSUE
  Unlicensed Module(s) detected. You must be a subscriber to use one or more of the modules included with the project.
  Please contact Appcelartor support
  I have an iphone 5. IOS version 8.1.2. Network: Tesco Mobile.
  Has anybody seen or heard of this and is there a solution.
  Thanks
  Jaydon

  jaydon5201 wrote:
  Hello
  I am new to forums and iphones. I have downloaded a few apps and have had no problems. However I have recently had an issue with the Tesco Ireland app.
  When downloaded, I can start the app. The Tesco splash screen appears for a second or two, Then I get a red screen saying:
  VERIFICATION ISSUE
  Unlicensed Module(s) detected. You must be a subscriber to use one or more of the modules included with the project.
  Please contact Appcelartor support
  I have an iphone 5. IOS version 8.1.2. Network: Tesco Mobile.
  Has anybody seen or heard of this and is there a solution.
  Thanks
  Jaydon
  In bold is the solution contact the app developer or look at their support site.
  Not an iphone or Apple issue.

• IMessage Verification issues

  I have just had my 02 3gs iphone unlocked by 02 and have put my vodafone sim in. Now iMessage will not verify and my old number is greyed out in received in settings. I have changed number on phone settings, added new contact in contacts list and linked it. I have toggle on and off and hard reset. I have toggled auto date and time settings on and off etc. I have changed itunes account password. Still saying verifying with old number. Any help?

  tbh no, I'm on Vodafone payg but I see there seems to be a lot of verification issues on these forums and others. Instead of having to wipe is there any other way to get round this?

• OIF SAML 2.0 issue

  We are working with a partner on a SAML 2.0 setup and we are stuck with the following error. The partner is using Siteminder. We have uploaded the metadata file in our system, and when we test the connection an error occurs and this is showing up in the logs. Any ideas?
  10/01/10 11:53:36: ERROR oracle.security.fed.controller.ApplicationController.processServletRequest() - oracle.security.fed.controller.web.action.RequestHandlerRuntimeException: Could not locate XML signature verification service. Invalid EventReponse: could not locate the verification key for: bms2inter; oracle.security.fed.security.exceptions.NoSuchServiceException: Invalid EventReponse: could not locate the verification key for:
  bms2inter

  Any ideas on this? This is an urgent issue.

• Email verification issues

  When I try to log in with my Adobe ID, Browserlab pops opens a popup telling me that my email address needs to be verified. Ok, no problem. Click the resend verification button....right? Nope. When I click the "resend" button, all i get is another popup box that says "Authenication failed" with an "Close" button. Can someone at Adobe please tell me how to get my validation email? I really don't want to have to create another Adobe ID.
  Thanks!
  --ron

  Hi Ron,
  We were having intermittent issues yesterday with some of the backend servers we rely on for login. Can you please try again, and if you're still having issues, send the Adobe ID you're using directly to me in a private email ( [email protected] ) and we'll look into things from our end.
  Thanks,
  Mark

• SAML Token Profile Policies Issues

  Hi all
  i want to secure a Web service using SAML Token Profile Policies. I am using Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml Policy.
  I have Configured SAML 2.0 Identity Assertion Provider in my WebLogic Server. And added Identity Provider partner.
  I gave the Issues as http://com.example.idp/AssertingParty
  Below is the Soap Request Which i send to my Webservice.
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header>
  <wsse:Security
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
  <saml:Assertion
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_15931837d93e95e7e7ffbaa038ad4942"
  IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
  <saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
  <saml:Subject>
  <saml:NameID Format="NameID">weblogic_sp</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
  </saml:Subject>
  <saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
  <saml:AuthnStatement>
  <saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
  <saml:Attribute Name="Roles">
  <saml:AttributeValue>Administrators</saml:AttributeValue>
  </saml:Attribute>
  </saml:AttributeStatement>
  </saml:Assertion>
  </wsse:Security>
  </env:Header>
  <env:Body/>
  </env:Envelope>
  I am Getting the below error.
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
  <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>wsse:InvalidSecurityToken</faultcode>
  <faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  I turned on the Verbose in the Weblogic server and Got the Below log when i invoke the Web Service.
  <WSEE:24>Created<SoapMessageContext.<init>:48>
  <WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
  <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
  <WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
  <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
  <WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
  <WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
  <WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
  <WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
  <WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>
  Please let me if i am doing any thing wrong.
  Thanks
  Ranjith

  Hi all
  i want to secure a Web service using SAML Token Profile Policies. I am using Wssp1.2-2007-Saml2.0-SenderVouches-Wss1.1.xml Policy.
  I have Configured SAML 2.0 Identity Assertion Provider in my WebLogic Server. And added Identity Provider partner.
  I gave the Issues as http://com.example.idp/AssertingParty
  Below is the Soap Request Which i send to my Webservice.
  <?xml version="1.0" encoding="UTF-8"?>
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header>
  <wsse:Security
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
  <saml:Assertion
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_15931837d93e95e7e7ffbaa038ad4942"
  IssueInstant="2013-04-26T15:20:24.021Z" Version="2.0">
  <saml:Issuer>http://com.example.idp/AssertingParty</saml:Issuer>
  <saml:Subject>
  <saml:NameID Format="NameID">weblogic_sp</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
  </saml:Subject>
  <saml:Conditions NotBefore="2013-04-26T15:24:14.021Z" NotOnOrAfter="2013-04-26T15:50:24.021Z"/>
  <saml:AuthnStatement>
  <saml:AuthnContext>
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
  <saml:Attribute Name="Roles">
  <saml:AttributeValue>Administrators</saml:AttributeValue>
  </saml:Attribute>
  </saml:AttributeStatement>
  </saml:Assertion>
  </wsse:Security>
  </env:Header>
  <env:Body/>
  </env:Envelope>
  I am Getting the below error.
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
  <env:Fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <faultcode>wsse:InvalidSecurityToken</faultcode>
  <faultstring>Invalid SAML token on CCS?Invalid SAML token when samlAsst= null</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  I turned on the Verbose in the Weblogic server and Got the Below log when i invoke the Web Service.
  <WSEE:24>Created<SoapMessageContext.<init>:48>
  <WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
  <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
  <WSEE:24>set Message called: [email protected]36368<SoapMessageContext.setMessage:65>
  <WSEE:24>Parsed header {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security: <name={http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security> <role=null> <mustUnderstand=true><SoapMsgHeaders.parseHeaders:202>
  <WSEE:24>tokenType: null, cred: [saml:Assertion: null], privkey: null<SAMLCredentialImpl.<init>:107>
  <WSEE:24>Class of cred is: class com.sun.xml.internal.messaging.saaj.soap.impl.ElementImpl<SAMLCredentialImpl.<init>:108>
  <WSEE:24>Instantiating SAMLAssertionInfoFactory<SAMLCredentialImpl.<init>:113>
  <WSEE:24>Getting SAMLAssertionInfo from DOM Element of CSS<SAMLCredentialImpl.<init>:141>
  <WSEE:24>Got erroron on SAMLAssertionInfo from DOM Element of CSS, msg =[Security:098517]Failed to get SAML assertion info: Unable to construct SAML 1.1/2.0 Schema object, can not perform validation.<SAMLCredentialImpl.<init>:152>
  Please let me if i am doing any thing wrong.
  Thanks
  Ranjith

• No binaries found for Verification issue in MPR Code Signing Test case

  Hi,
  We are trying to certify our WebSite Application as Gold Certified and to become Gold Certified Partner. We have run a MPR Test and while verifying the Code Signing test case, it shows that
  "No binaries found for verification". But the test case result is
  passed. Below I have placed screen shot for the same. We have signed all our Application related DLL's(Page related DLL's. Please let us know about this issue.
  Shankar S

  Hi Shankar,
  To the MPR Tool, it does not appear that you have installed any binaries.
  As you mention that your website contains DLLs, these have either not been installed via your MSI package or have already been installed before the test began.
  The tool will prompt when to Install, when to perform Primary Functionality, and when to Uninstall.
  If your website was already installed prior to beginnign test, you must retest.
  As you are applying for Gold level, assure you are testing on Server Core.
  Hope this helps,
  -Logo

• OIF SAML Attribute Mappings

  Looking for ideas:
  Trading partner requires us to send 4 attributes in our SAML 2.0 assertion (staticID, firstName, lastName, EmployeeID). We will be providing the same value for staticID and EmployeeID.
  When we configure Attribute Mappings within OIF, if we map the same LDAP attribute (employeenumber) for staticID and EmployeeID, only one of the attributes gets included in the SAML assertion. (3 attributes included in assertion rather than 4)
  If I map staticID to employeenumber and EmployeeID to <some other attr> all 4 attributes are included in assertion.
  Is there a way to make this happen? Does this violate a SAML standard?

  I am surprised that it is working. According to the following note:
  314948.1: How can I determine what SAML attribute fields are case sensitivity?
  the LDAP attributes specified should be in lowercase to work. Did you try specifying both fields in lowercase (employeenumber)?
  You should pose this question to Oracle.
  -shetty2k

• TIme Machine verification issue (Drobo and Airport Extreme)

  Hello. I recently purchased a Drobo (1st gen, off ebay) to replace a 1TB WD MyBook I was using as a Time Machine backup and Media Server.
  The Drobo is connected to an Airport Extreme base station over USB 2.0. My Mac is connected by ethernet to the Airport Extreme.
  I followed the instructions on the Drobo website to create a separate 500 gb partition for Time Machine and the rest to accommodate my media collection. http://support.datarobotics.com/app/answers/detail/a_id/67/related/1/session/L2F 2LzEvc2lkLzdta1VHNmZr
  The Time Machine backup seems to go OK, taking several hours to backup 160gb of data. Later on in the day, I'll get a message that says:
  "Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you."
  I've tried redoing the backup 4 or 5 times now. I've tried repairing permissions and the repairing the disk on both the Mac and the Drobo. I've learned that Time Machine Backups to Airdisks aren't officially supported by Apple (Although I never had a problem with my previous hard drive attached to the Airport Extreme, and Drobo say it's fine on their website - "Time Machine with a Drobo device connected to an AirPort Extreme or network attached (NAS) works. Just make sure you have updated Time Capsule or Airport Extreme to firmware 7.3.1 or later."
  Every time, after a couple of hours, I get the verification warning and have to delete the backup and start again. I wouldn't mind just going and buying another 500gb external drive to just attach to my Mac, only I now have a separate 500gb volume sitting on my Drobo that I can't do anything with and I can't delete because I don't have anywhere else to transfer the data from my Drobo while I reformat it!
  I'm running out of ideas and would love it if someone can offer some advice. Thanks guys!

  Hi. Thanks for the response and sorry for the double post in the Airport forum. I'm really just not sure if this is a Time Machine, Airport or Drobo issue.
  Everything is updated to the latest versions and I've been looking at the Drobo support site, but all I see is that Drobo is 'supposed' to work with Time Machine over Airport Extreme. However, I've tried everything I can think of and scoured forums over the weekend to try and get to the bottom of this. It's just bizarre that a cheap WD hard disk used to work, and a much more expensive Drobo doesn't.
  I've posted the same message to the forums over at the Drobo site, so we'll see what comes of it. I'm not that hopeful. This mysterious black box on my desk seems to have a mind of its own. Even now, even though I'm not reading or writing any data to it, I can hear the Drobo accessing data on the disks and moving things around. I'm not surprised if it's a bit too much for Time Machine to handle. I'm just a bit annoyed that I followed all of the advice from Data Robotics to the letter and it doesn't work, even though it should.
  I think I'll just give up and buy a firewire drive (I'm out of USB ports). I'm sure I'll find something I can move onto this redundant 500gb partition. Thanks for your help.

• Account Verification Issues

  I am trying to make an order and upon entering my username and password I get this account verification message. It says it will send a code to my email and I have to enter it. This is an annoying new step but ok I can deal with it. But the fact that I have not gotten and codes in my email is a real issue. Yes I have checked my junk mail and I have tried asking for the code again.
  All I want to do is make an order. I dont understand why I am being prevented from doing so. It seems like I will have to purchase from another source since Best Buy doesnt want my business online.

  Hello Richmoney,
  I was disappointed to read that you've been unable to place the order that you planned. Please accept my apology -- creating frustration is not the online experience that we strive to provide.
  Using the information that you provided when you signed up for our Community I was able to locate your BestBuy.com account and have initiated a password reset. Please follow the instructions in the email you receive. For best results, I recommend using a new, previously unused password. Please be sure to check your junk email folder for our message, as well as any email filtering rules that you may employ.
  Please let me know if you have questions or concerns. Thank you for writing to us!
  Sincerely,
  John|Social Media Specialist | Best Buy® Corporate
   Private Message

• OIF - SAML AttributeStatement not sending

  I set the "attribute mappings and filters" with a single attribute: givenname but it does not send over an attributestatement tag in the SAML. I turned on the xmlmessage so I can view the SAML. However, everything is present but the attributestatement with the attributes. I even put in some bogus attribute values but the authentication process is successful with no errors. The last thing I tried was to set"Enable attributes in Single Sign-on" but it did not change anything.
  Does anyone know how to send attributes in Oracle Identity Federation 11g?
  Edited by: user4985735 on Oct 13, 2009 2:57 PM

  I solved my own problem. The "Enable Attribute Query Responder" needed to be checked on the SAML 2.0 tab in the IDP. Ensure you export the metadata after making this change and load in OIF. The other step was to set the "Enable attributes for single sign-on" check box and setting an attribute for testing. I set an attribute name of "mail" with assertion name of "email" and check the send Attribute with assertion. If you choose a bogus attribute the attributestatement will not showup with no errors. If you are doing local testing by setting up IDP and SP on the same OIF instance, only set the SP "Enable attribute for single sign-on" (not IDP). Logic was telling me to set the IDP "enable attribute for single sign-on" but this was wrong. It should be set in the SP metadata. There really is not that many steps once you know how the attributes work but if you try through trial-and-error, you can spend weeks before you get lucky with the right combination.

• "Application failed code sign verification" - Issue with loading Content ViewerApp to iTunes Connect

  Hi There
  I have built content via InDesign CS5.5, created folio using Foliio Builder and downloaded and built and iPad app via the Viewer Builder.  All the Certificate and provisioning info has been entered correctly and the Viewer Builder does not report any errors. The VB then creates the two version (Development & Distribution) of apps.
  The app works fine on the iPad when testing the Developer Viewer (ipa). However, when I try to submit the Distribution app (distribution-viewer.zip) to the iTunes Connect store, I am encountering the following error:
  Application failed codesign verification. The signature was invalid, or it was not signed with an Apple submission certificate.
  Any ideas guys on why i'm encountering this issue. I've been battling this for 2 whole days.  Responses would be greatly appreciated as I am now a day behind the clock
  Note: I have created the app definition in the iTunes Connect for this app.
  regards
  David

  Thanks Ali
  I am certain I had selected the distribution certs as I have them named very explictly. I have rebuilt the app....numerous times ensure the right cert.
  Anyways, I solved the issue by revoking my certs / MP and creating / exporting them and then building the app. When submitted now, it went thru.
  Given this was the first app, I had the luxury of revoking my certs / mp. What would happen if this was not the first...
  David

• OSMF SWF verification issues...

  Hi,
  I am having some sporadic issues with OSMF implementation of DRM / SWF verification.
  Under some (as yet murky, but semi-replicable...) circumstances, it is possible to get the licence download to stall in a way that crashes the licence process and so blocks play of _all_ protected content. This block remains in place after browser restart etc. and can occasionally require manual "Deauthorize this computer" and browser cache clearance etc. to resume. The closest I have come to a reliable way to replicate the issue is to place a manual block on the licence request to delay it by a second or two which can reliably crash playback of protected content... but it only works on selected PCs.
  As we haven't yet managed to isolate the cause enough to get Adobe's assistance, I am asking for any potential avenues for detecting / debugging / diagnosing the issue?
  I have tried adding listeners to all available events on the OSMF DRMTrait but all this will tell me is either uninitialized, authenticationError or authenticationComplete. (Seemingly, the other DRMState values are either unused or unreported.) Equally, the changes for these seem to happen too quickly to display them on screen.
  G

  Hi,
  As of now, you cannot use SWFVerification to protect HTTP Streaming, as HTTP Streaming does not require connection with core process of FMS, but request is handled by f4f module in apache. The current way to ensure protection of HTTP streams is to use Flash Access for encryption of fragments. You can find more about Flash Access here at http://www.adobe.com/products/flashaccess/
  Thanks,
  Abhishek

• Academic Verification Issues

  I submitted my verification over a week ago and haven't heard anything yet. 2+ days ago I submitted an inquiry regarding my lack of serial number and haven't gotten a response. My clients are asking me where there pictures are and I don't have the heart to tell them I haven't even started editing them yet! I NEED MY SERIAL NUMBER! Assistance would be greatly appreciated.
  I submitted my academic verification for Photoshop at www.identit-e.com/adobe under the email [email protected]
  Help!

  Hi jb,
  This is the forum for BrowserLab, a service for cross-browser testing of web pages. I am unable to help you out directly with this issue, but I have forwarded this thread along to our internal customer support team and they should be able to help you get this resolved.
  Best of luck,
  Mark

• AD External Authentication Plug-In verification issue

  We are working on a Proof of Concept instance to integrate MS AD with OID for the first time for E-Biz 11i.
  1) I completed the bulk load of all the existing users from AD to OID successfully
  2) completed enabling the syncrhonization profile
  3) Ran the txkrun.pl successfully
  4) However i wanted to check the External authentication plug-in and i get the below issue.
  How to debug ldapcompare ? Where is the logfile for ldapcompare ?
  ldapcompare -h OID_Host -p 389 -D "cn=orcladmin" -w ******* -b "cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us" -a userPassword -v abcdefgh
  The value abcedefgh is not contained in the attribute userPassword in DN cn=lastname\, firstname,ou=consultants,ou=users,ou=usaeast,dc=adadmin,dc=lps,dc=netsrv,dc=us.
  An ldapbind on the same AD server is successful, but ldapcompare is failing.

  I get invalid credentials. Though the network password is correct. I feel its somewhere i messed up the 3rd party plug-in configuration. Is there a method to get debug information for ldapcompare command ?
  From metalink NOTE : 277382.1
  "When using the above command, ldapcompare binds to OID using the OID admin user (typically "cn=orclAdmin") and password. Then it provides the AD username and requests that the value supplied as AD-USER-PASSWORD be compared to whatever is stored in AD username's userPassword attribute. Because OID does not store a value in its own user entries/userPassword attributes for AD-synchronized entries, this ldapcompare call will cause OID to invoke the plug-in and verify the userPassword value in AD instead.
  If the plug-in works, the ldapcompare should return a message saying that the given password is contained in the userpassword attribute, e.g.
  "