Authentication libraries

Nexus GO authentication libraries are based on SAML and are used to verify the Nexus GO authentication. To implement Nexus GO Authentication on your website, you need to use these libraries.

The authentication libraries are available for Java, .NET and PHP and require the following platform versions:

| Platform | Version | Library for download |
|---|---|---|
| Java | 1.8 or higher | |
| .NET | 4.5 or higher | |
| .NET Standard | 2.0 | saml-validation-.net-2.0.0.zip |
| PHP | 5.6 or higher | saml-validation-php-1.1.0.zip |

Sequence diagram

This diagram describes the traffic that takes place when a user logs in to the web application: 

[Image: Sequence diagram]


  1. The user visits the web application.
  2. The user logs in with the requested method. Nexus GO sends an authentication response.
  3. The user is redirected to the Validation URL, as specified in the environment.
  4. The authentication response is validated.
  5. The user is either logged in or denied. 

Initiation errors and solutions

These errors are thrown when calling:

public static LibrarySamlEngine initialize(...)

 


| Code | Message | Proposed Solution | Note |
|---|---|---|---|
| 100 | Invalid configurationPath argument | Verify that the specified folder exists. | |
| 101 | IDP metadata file not found | ... | |
| 102 | Failed to read IDP metadata | Verify correct access to read the file. | Used in Java |
| 103 | IDP metadata file not valid xml | Wrong file, or the file may have been altered, causing the XML format to become invalid. | |
| 104 | IDP metadata has an invalid SingleSignOnServices location | ... | Used in Java |
| 105 | IDP metadata has invalid certificate | The metadata did not contain a valid X509Certificate; consult the Identity Provider. | |
| 106 | IDP metadata missing required certificate | The metadata did not contain a valid X509Certificate; consult the Identity Provider. | |
| 107 | IDP missing SingleSignOnService for expected binding | The library requires that the IDP has one, and only one, SingleSignOnService with type “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”. Either remove duplicated SingleSignOnService manually, or consult the Identity Provider. | Used in Java |
| 108 | IDP had multiple SingleSignOnServices for expected binding | The library requires that the IDP has one, and only one, SingleSignOnService with type “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”. Either remove duplicated SingleSignOnService manually, or consult the Identity Provider. | Used in Java |
| 109 | IDP missing required protocol for SingleSignOnService | HTTPS is required. This is currently not configurable. | Used in Java |
| 110 | IDP metadata is missing SSO descriptor | ... | |
| 111 | IDP metadata had multiple SSO descriptors | ... | |
| 112 | IDP metadata is missing EntityID | ... | |
| 113 | Failed to read PS metadata | Verify correct access to read the file. | Used in Java |
| 114 | SP metadata file not found | ... | |
| 115 | SP metadata file not valid xml | Wrong file, or the file may have been altered, causing the XML format to become invalid. | |
| 116 | SP metadata has an invalid AssertionConsumerService location | ... | |
| 117 | SP missing required protocol for AssertionConsumerService | ... | |
| 118 | SP missing AssertionConsumerService for expected binding | ... | |
| 119 | SP had multiple AssertionConsumerService for expected binding | ... | |
| 120 | SP metadata is missing EntityID | ... | |
| 121 | SP metadata is missing SSO descriptor | Verify that the metadata files have not been switched. | |
| 122 | SP metadata had multiple SSO descriptors | Either remove duplicated SSODescriptorType manually, or consult the Identity Provider. | |

...
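An added example (not part of the Nexus GO libraries or the original page): a pre-deployment check of an IDP metadata file that mirrors the conditions behind codes 103 and 106 to 112 in the table above. The class name, the order of the checks and the sample metadata are assumptions; the library may evaluate these conditions differently.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class IdpMetadataPreflight { // hypothetical name, not a library class
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    // Returns 0 when all checks pass, otherwise the matching code from the table.
    static int check(String xml) {
        Document doc;
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // Reject DOCTYPE declarations so the metadata file cannot declare entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            doc = f.newDocumentBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            return 103; // metadata is not valid XML
        }
        // Assumes a single EntityDescriptor as the root element.
        if (doc.getDocumentElement().getAttribute("entityID").isEmpty()) return 112;
        NodeList idp = doc.getElementsByTagNameNS(MD, "IDPSSODescriptor");
        if (idp.getLength() == 0) return 110;
        if (idp.getLength() > 1) return 111;
        Element desc = (Element) idp.item(0);
        if (desc.getElementsByTagNameNS(DS, "X509Certificate").getLength() == 0) return 106;
        NodeList sso = desc.getElementsByTagNameNS(MD, "SingleSignOnService");
        String location = "";
        int redirects = 0;
        for (int i = 0; i < sso.getLength(); i++) {
            Element s = (Element) sso.item(i);
            if (!REDIRECT.equals(s.getAttribute("Binding"))) continue;
            redirects++;
            location = s.getAttribute("Location");
        }
        if (redirects == 0) return 107; // exactly one HTTP-Redirect endpoint is required
        if (redirects > 1) return 108;
        return location.regionMatches(true, 0, "https://", 0, 8) ? 0 : 109; // HTTPS only
    }

    public static void main(String[] args) {
        // Constructed sample metadata; %s is the scheme of the SSO location.
        String t = "<EntityDescriptor xmlns='" + MD + "' entityID='https://idp.example.test'><IDPSSODescriptor>"
            + "<KeyDescriptor><KeyInfo xmlns='" + DS + "'><X509Data><X509Certificate>PLACEHOLDER"
            + "</X509Certificate></X509Data></KeyInfo></KeyDescriptor><SingleSignOnService Binding='"
            + REDIRECT + "' Location='%s://idp.example.test/sso'/></IDPSSODescriptor></EntityDescriptor>";
        System.out.println(check(String.format(t, "https")) + " " + check(String.format(t, "http")));
    }
}
```

The check only tests that a certificate element is present; whether the certificate is valid (code 105) is left to the library.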



Validation errors and solutions

These errors are thrown when calling:

public static Result validateSamlResponse(...)

...


| Code | Message | Proposed Solution | Note |
|---|---|---|---|
| 200 | SAML Response not valid XML | ... | |
| 201 | Destination URL did not match URL request was received on | The library tried to match the URL in the SAML Response Destination with the SP metadata HTTP-Redirect URL location. If this fails, the metadata may be out of sync. | |
| 202 | Invalid state, should be acting Service Provider | ... | Used in Java |
| 203 | Unable to resolve Identity Provider by EntityID | ... | Used in Java |
| 204 | Identity Provider is disabled | ... | Used in Java |
| 205 | Response did not contain any assertion and no encrypted assertions | ... | |
| 206 | Service Provider is missing required settings | ... | Used in Java |
| 207 | Failed to decrypt encrypted assertion(s), no key-pair | The current version of the library does not support decrypting encrypted assertions. Consult the Identity Provider. | Used in Java |
| 208 | Identity Provider is missing public-key, failed to verify signature | ... | Used in Java |
| 209 | Unable to verify signature for SAML assertion | ... | Used in Java |
| 210 | Error when verifying signature | The signature was invalid. Signature verification could not be performed. | Used in Java |
| 211 | Signature verification failed | The verification of the signature failed. The response may have been tampered with, or the IDP metadata is outdated and contains an old public key. Consult the Identity Provider. | |
| 212 | Response did not contain a valid Issuer | The issuer in the response did not match the EntityID in the IDP metadata. | |
| 213 | Response Issuer did not contain a valid NameID | ... | Used in Java |
| 214 | Response did not contain a valid Subject | ... | |
| 215 | Response Subject did not contain a valid NameID | ... | Used in Java |
| 216 | Response Subject did not contain a contain NameID value | ... | |
| 217 | Response did not contain a valid AuthnStatement | ... | |
| 218 | Assertion did not contain expected Service Provider as audience | ... | |
| 219 | Assertion did not contain a valid NameID | ... | Used in Java |
| 220 | Attempting user attribute mapping without any attribute specified | ... | Used in Java |
| 221 | Did not find user | ... | Used in Java |
| 222 | Assertion subject is expired | The response is expired or not yet valid. Verify that the SP and IDP system clocks are in sync. It is recommended to use a trusted NTP server to avoid timing issues. | |
| 223 | Assertion subject not yet valid | The response is expired or not yet valid. Verify that the SP and IDP system clocks are in sync. It is recommended to use a trusted NTP server to avoid timing issues. | |
| 224 | Assertion is expired | The response is expired or not yet valid. Verify that the SP and IDP system clocks are in sync. It is recommended to use a trusted NTP server to avoid timing issues. | |
| 225 | Assertion not yet valid | The response is expired or not yet valid. Verify that the SP and IDP system clocks are in sync. It is recommended to use a trusted NTP server to avoid timing issues. | |
| 226 | Assertion did not contain Conditions | ... | |
| 227 | Assertion did not contain Status | ... | |
| 228 | Status did not contain StatusCode | ... | |
| 229 | StatusCode did not contain Value | ... | |
| 230 | Assertion status was not success | ... | |
| 231 | InResponseTo mismatch | ... | |
| 232 | Multiple assertions in response | | Used in .NET, PHP |
| 233 | Request method not POST | | Used in PHP |

...