https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502599#M1362 <HTML><HEAD></HEAD><BODY><P>What might I be doing wrong here?&nbsp; My test webex account and my learning management system are both configured to use the same IdP.&nbsp; I set up an SP to get the same attributes as those that the IdP sends to webex.&nbsp; I configured the IdP to include the webex entityID in the AudienceRestriction part of the assertion.</P><P></P><P>After authenticating in my learning management system, I get the assertion (starting with &lt;saml2:Assertion...)&nbsp; and base64 encode it.&nbsp; I then send that base64 encoded assertion to the webex in an AuthenticateUser call using the API test form.&nbsp; I do that before the assertion expires.</P><P></P><P>Despite numerous attempts with minor adjustments, nothing works.&nbsp; I always get "&lt;serv:exceptionID&gt;AS0062&lt;/serv:exceptionID&gt;&lt;serv:reason&gt;Validate assertion failed&lt;/serv:reason&gt;".&nbsp; Shouldn't these steps work?&nbsp; Am I supposed to use a different assertion?</P></BODY></HTML> Tue, 04 Jun 2019 09:21:15 GMT colinccampbell 2019-06-04T09:21:15Z https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502599#M1362 <HTML><HEAD></HEAD><BODY><P>What might I be doing wrong here?&nbsp; My test webex account and my learning management system are both configured to use the same IdP.&nbsp; I set up an SP to get the same attributes as those that the IdP sends to webex.&nbsp; I configured the IdP to include the webex entityID in the AudienceRestriction part of the assertion.</P><P></P><P>After authenticating in my learning management system, I get the assertion (starting with &lt;saml2:Assertion...)&nbsp; and base64 encode it.&nbsp; I then send that base64 encoded assertion to the webex in an AuthenticateUser call using the API test form.&nbsp; I do that before the assertion expires.</P><P></P><P>Despite numerous attempts with minor adjustments, nothing works.&nbsp; I always get "&lt;serv:exceptionID&gt;AS0062&lt;/serv:exceptionID&gt;&lt;serv:reason&gt;Validate assertion failed&lt;/serv:reason&gt;".&nbsp; Shouldn't these steps work?&nbsp; Am I supposed to use a different assertion?</P></BODY></HTML> Tue, 04 Jun 2019 09:21:15 GMT https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502599#M1362 colinccampbell 2019-06-04T09:21:15Z https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502600#M1363 <HTML><HEAD></HEAD><BODY><P>Hello Colin-</P><P></P><P>Thanks for your inquiry! I would like to try to duplicate your issue or connect you with someone who's a bit more of an expert at WebEx than myself. Just one question first, are you testing this out in the WebEx Sandbox or some other environment? </P><P></P><P>Thanks!<BR />Jacob </P></BODY></HTML> Fri, 08 Jan 2016 15:16:48 GMT https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502600#M1363 jacoadam 2016-01-08T15:16:48Z https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502601#M1364 <HTML><HEAD></HEAD><BODY><P>Hi Jacob - Yes.&nbsp; I posted this in the wrong place.&nbsp; It's my first attempt to post an item and I messed up, so I re-posted in the correct area with an apology for the duplicate post.&nbsp; I am not using the sandbox for this because I understand that, because it's a shared environment, it does not support SAML authentication.&nbsp; Is that correct?</P></BODY></HTML> Fri, 08 Jan 2016 15:34:41 GMT https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502601#M1364 colinccampbell 2016-01-08T15:34:41Z https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502602#M1365 <HTML><HEAD></HEAD><BODY><P>Colin- </P><P></P><P>I <EM>believe </EM>that is correct. This WebEx lab doesn't allow any access to API's that require admin privileges since this is a shared environment.Just a few non-admin API's can be accessed with that lab. However, if you need a more dedicated lab you can take a look at the Gold Developer Plan. <SPAN style="font-size: 13.3333330154419px;">If I have answered your question, please mark this thread as "answered."</SPAN></P><P></P><P>Please let me know if you have any questions and I'd be happy to get you directed to the right place. </P><P></P><P>Thanks!</P><P>Jacob </P></BODY></HTML> Fri, 08 Jan 2016 16:37:15 GMT https://community.cisco.com/t5/devnet-sandbox/quot-validate-assertion-failed-quot-when-forwarding-assertion/m-p/3502602#M1365 jacoadam 2016-01-08T16:37:15Z