An error SAML response status was received. urn:oasis:names:tc:SAML:2.0:status:Responder

I’m using SAML ASP.NET to connect to ADFS. Now I get the error page. Can anyone help me resolve it?


I configured the ADFS server by following this document:
https://www.componentspace.com/documentation/saml-for-asp-net/integrations/ComponentSpace%20ADFS%20Relying%20Party%20Integration%20Guide.pdf



ADFS returns a generic error status if anything goes wrong. The most likely cause is a configuration mismatch.

You need to ask the ADFS admin to take a look at the Windows event log on the ADFS server. There will be one or more error events associated with the error status that will provide more specific information.

Thank you for answering my question! I have reviewed the events on the ADFS server. Maybe the problem is here?

日志名称: AD FS/Admin
来源: AD FS
日期: 2020/2/14 14:28:18
事件 ID: 364
任务类别: 无
级别: 错误
关键字: AD FS
用户: PLATINUMCLOUD\administrator
计算机: adfstest.platinumcloud.cn
描述:
联合身份验证被动请求期间遇到错误。

其他数据

协议名称:
Saml

信赖方:
https://apps.platinumchina.com/MvcExampleServiceProvider

异常详细信息:
Microsoft.IdentityModel.Protocols.XmlSignature.SignatureVerificationFailedException: MSIS0038: SAML 消息的签名错误。颁发者:“https://apps.platinumchina.com/MvcExampleServiceProvider”。
在 Microsoft.IdentityServer.Protocols.Saml.Contract.SamlContractUtility.CreateSamlMessage(MSISSamlBindingMessage message)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
在 Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
在 Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
在 Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)


It would appear that the signature on the authn request sent by your SP application couldn’t be verified by ADFS.

Please ensure that the certificate (.CER file) configured under the Signature tab of your relying party’s properties in ADFS corresponds to the private key (.PFX file) used to generate these signatures. The private key/certificate for signature generation is configured in your app’s saml.config under the section.
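
One way to run the check described above, as an added example that is not part of the original posts and is not ComponentSpace code: it loads the SP's .PFX and the .CER given to ADFS and reports whether they are the same certificate and carry the same public key. The function name, file paths and password prompt are assumptions for illustration; the relying party identifier is the one shown in the event log above.

```powershell
# Added example. Test-SamlSigningCertMatch is a hypothetical helper name;
# the paths in the usage comments are placeholders, not values from the thread.
function Test-SamlSigningCertMatch {
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,      # private key the SP signs with
        [Parameter(Mandatory)] [securestring] $PfxPassword,
        [Parameter(Mandatory)] [string]       $CerPath       # certificate configured in ADFS
    )
    # .NET resolves relative paths against the process directory, so resolve them first.
    $pfxFile = (Resolve-Path -LiteralPath $PfxPath).Path
    $cerFile = (Resolve-Path -LiteralPath $CerPath).Path

    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxFile, $PfxPassword)
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerFile)

    # Compare the raw public keys as well as the thumbprints: a re-issued
    # certificate can have a new thumbprint while keeping the same key pair.
    $pfxKey = [Convert]::ToBase64String($pfx.GetPublicKey())
    $cerKey = [Convert]::ToBase64String($cer.GetPublicKey())
    $now    = Get-Date

    [pscustomobject]@{
        PfxSubject       = $pfx.Subject
        PfxThumbprint    = $pfx.Thumbprint
        CerThumbprint    = $cer.Thumbprint
        PfxHasPrivateKey = $pfx.HasPrivateKey
        SameCertificate  = ($pfx.Thumbprint -eq $cer.Thumbprint)
        SamePublicKey    = ($pfxKey -eq $cerKey)
        CerValidNow      = ($cer.NotBefore -le $now -and $now -le $cer.NotAfter)
    }
}

# Usage on the SP side (placeholder paths):
#   $pw = Read-Host -Prompt 'PFX password' -AsSecureString
#   Test-SamlSigningCertMatch -PfxPath '.\sp.pfx' -PfxPassword $pw -CerPath '.\sp.cer'
#
# On the ADFS server, list the certificate(s) the relying party trust actually
# holds and compare the thumbprint with PfxThumbprint above:
#   Get-AdfsRelyingPartyTrust -Identifier 'https://apps.platinumchina.com/MvcExampleServiceProvider' |
#       Select-Object -ExpandProperty RequestSigningCertificate |
#       Select-Object Subject, Thumbprint, NotAfter
```

If SamePublicKey is false, the SP is signing with a key that the certificate in ADFS cannot verify, which is consistent with the MSIS0038 event shown earlier in the thread.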

Great! I have resolved the problem! Thanks for your support!

You’re welcome.