Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
1
Helpful
3
Replies

"Validate assertion failed" when forwarding assertion for XML API authentication

colinccampbell
Level 1
Level 1

‎01-08-2016 07:10 AM - edited ‎06-04-2019 02:21 AM

What might I be doing wrong here?  My test webex account and my learning management system are both configured to use the same IdP.  I set up an SP to get the same attributes as those that the IdP sends to webex.  I configured the IdP to include the webex entityID in the AudienceRestriction part of the assertion.

After authenticating in my learning management system, I get the assertion (starting with <saml2:Assertion...)  and base64 encode it.  I then send that base64 encoded assertion to the webex in an AuthenticateUser call using the API test form.  I do that before the assertion expires.

Despite numerous attempts with minor adjustments, nothing works.  I always get "<serv:exceptionID>AS0062</serv:exceptionID><serv:reason>Validate assertion failed</serv:reason>".  Shouldn't these steps work?  Am I supposed to use a different assertion?

Labels:
0 Helpful
3 Replies 3

jacoadam
Level 5
Level 5

‎01-08-2016 07:16 AM

Hello Colin-

Thanks for your inquiry! I would like to try to duplicate your issue or connect you with someone who's a bit more of an expert at WebEx than myself. Just one question first, are you testing this out in the WebEx Sandbox or some other environment?

Thanks!
Jacob

0 Helpful

colinccampbell
Level 1
Level 1
In response to jacoadam

‎01-08-2016 07:34 AM

Hi Jacob - Yes.  I posted this in the wrong place.  It's my first attempt to post an item and I messed up, so I re-posted in the correct area with an apology for the duplicate post.  I am not using the sandbox for this because I understand that, because it's a shared environment, it does not support SAML authentication.  Is that correct?

0 Helpful

jacoadam
Level 5
Level 5
In response to colinccampbell

‎01-08-2016 08:37 AM

Colin-

I believe that is correct. This WebEx lab doesn't allow any access to API's that require admin privileges since this is a shared environment.Just a few non-admin API's can be accessed with that lab. However, if you need a more dedicated lab you can take a look at the Gold Developer Plan. If I have answered your question, please mark this thread as "answered."

Please let me know if you have any questions and I'd be happy to get you directed to the right place.

Thanks!

Jacob

Customers Also Viewed These Support Documents