The Plan
We went to configure shibboleth as the IdP so we can do SSO. We have shibboleth configured already for the many other things we do like email and account information, but when trying to add in our API publisher to the mix we seem to be getting an error. We believe it to be a wso2 configuration error. We been using this wso2 documentation as a template: How to Configure Shibboleth IdP as a Trusted Identity Provider
The Situation
So far we are able to get to the login screen and put in our credentials, but when it tries to redirect us we get a Error 401 : Authorization Required.
SAML code
<saml2p:Response
Destination="localhost"
ID="mbnfmmagbmefckldpefbmjopkadjahbkocadhmib"
InResponseTo="lihfmcpiofkdkhphfbahlndllmmemhldckammgaf"
IssueInstant="2016-12-05T16:20:37.939Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">IdsDev
</saml2:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#mbnfmmagbmefckldpefbmjopkadjahbkocadhmib">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="xs"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>9xbWKA7A+
7k7Vaz6O18z8Xliqbo=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>kX11Q4eCUyME+VP5M7+5iI6D45kqQgE6MIqth7hNosSmfdSD3kZS0dwlcNwVlrzA64LMUZxclU256xP6w6nn0TqEqLjKy/tGXeQbKjaYrPcXx6336kIp8YGajqDiBh7IJswFDxugLoRx70APaKGthJi5VwRea1oT3lE4RHJoMgiN7o5FO1N+8IE34zEJLmTIpt+lYdXQPJanN29GY9YfIouFe2TGfHfXd9PT2nt7Dmf+M69DM3giEyizbzljYHdkjJrTlqoYTlHBHNPq8NF/+1wwuL76SP0Bory4k/7JvelW6RSAz82pdjDc0ublBmuceTENza2GiC2sitVQPycl/
g==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFejCCBGKgAwIBAgIQCKTAgWTgw/Ea7HQ+L665tTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNjA5MjYwMDAwMDBaFw0xOTEwMDExMjAwMDBaMHIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVJZGFobzEQMA4GA1UEBxMHUmV4YnVyZzEnMCUGA1UEChMeQnJpZ2hhbSBZb3VuZyBVbml2ZXJzaXR5LUlkYWhvMRgwFgYDVQQDEw9pZHNkZXYuYnl1aS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeLpdcJnXbGKRYujiUIoCOFrjR3PZ2E+BmzGNNTSTbnxjRPCJpjoI/5OWXPV/59I4s+b/lMaVuth5G8FD/yGDE/cyOKHM79G8UR399aqflqVWCfBc5Kqf7oKByBiost5JQyLGUTlXOvOKvLNTSHEC1gZUYP6Sn9m7/HOtcaMji32N0Pr22NYk92LSbUZqwVUM5e71q7Yze4OTiAv/Sd3Us1M4YgD+qJpy15Rph5Uo7jq1J9YE38dVmznJKD5xKt6G5Bn/b7pWipnhfG9gNJhjkpP/IVOfkpsDIm4QDXOArjzV/qLck8GF6zr8+PiUM4k/peottkvq6UV0AKPiv/DPJAgMBAAGjggIMMIICCDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUgpnRRipdTainSlDqezFYUGdyKWgwPgYDVR0RBDcwNYIPaWRzZGV2LmJ5dWkuZWR1ghBJZHNEZXYxLmJ5dWkuZWR1ghBJZHNEZXYyLmJ5dWkuZWR1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADAayQq4l5DqWmgste9KgnqWOkOkjWw7bxu7WOh++oPyaNlyzieaz2ZJXrf4bHHeF5pCA9FUzhpdwGg+iWzt5Wd8L3G50mEUBJKjKgAzkOr9ywoGlPio/GaqqNrMmKhmLQDz6hcIoCk3SXAR5GDzRCjn5PZvboL9l+uTCE0h6Sg8qCRjgIYvOHbN8FhMla2opx2B7mnX5jAnfzfnJgGQZERLDSy8dvYhtXBaxaCzDqfYwZFQjec+IRjHHHLQpAPKzB5ARNe5IYlSMfkbi71kNpaFQ1WAJtAO+9pld5zgA/
OvSamgXd5RBJbXq376LX3r9jcYGpQwJT3hqMl9Qa1B0pY=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion
ID="gihomiibdbpcojhdmjofkecelaibhdcdonghhkpm"
IssueInstant="2016-12-05T16:20:37.939Z"
Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">IdsDev
</saml2:Issuer>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#gihomiibdbpcojhdmjofkecelaibhdcdonghhkpm">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
PrefixList="xs"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Z7DIvjwTk4JpF0TRMNzo3Z/
4sfc=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>h1Stjkbw306VU7TN5OEou2XII3nzvhr34GVbced5Gk7q+EZailZusYISkC11eJjk4Y+CejMa4RODelwnMAdpfeWmMYz6ukk0jh9RH97/uWPOWKfOp4n/oXVnYE3rdImGcb1egas/zprqM7Pl8mbwI7vK3ScMUagBg6Td1sxHfRgVBk6r8C+40sgTAG8LsOd+q8LKNYj5mSeZ5K34SBdkmMWNpAS9mOT9CSJfWOrd9uAvFXHeuWN31MbIgVV5seEMfUzC18I/4s3qXwWqIvQxIsF8l9WuIuMYsFPT+oQJBU/ltQVf54w29k50tvN+LyvmNbZCZANf+
3JXwygyImc2Yg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIFejCCBGKgAwIBAgIQCKTAgWTgw/Ea7HQ+L665tTANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNjA5MjYwMDAwMDBaFw0xOTEwMDExMjAwMDBaMHIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVJZGFobzEQMA4GA1UEBxMHUmV4YnVyZzEnMCUGA1UEChMeQnJpZ2hhbSBZb3VuZyBVbml2ZXJzaXR5LUlkYWhvMRgwFgYDVQQDEw9pZHNkZXYuYnl1aS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeLpdcJnXbGKRYujiUIoCOFrjR3PZ2E+BmzGNNTSTbnxjRPCJpjoI/5OWXPV/59I4s+b/lMaVuth5G8FD/yGDE/cyOKHM79G8UR399aqflqVWCfBc5Kqf7oKByBiost5JQyLGUTlXOvOKvLNTSHEC1gZUYP6Sn9m7/HOtcaMji32N0Pr22NYk92LSbUZqwVUM5e71q7Yze4OTiAv/Sd3Us1M4YgD+qJpy15Rph5Uo7jq1J9YE38dVmznJKD5xKt6G5Bn/b7pWipnhfG9gNJhjkpP/IVOfkpsDIm4QDXOArjzV/qLck8GF6zr8+PiUM4k/peottkvq6UV0AKPiv/DPJAgMBAAGjggIMMIICCDAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUgpnRRipdTainSlDqezFYUGdyKWgwPgYDVR0RBDcwNYIPaWRzZGV2LmJ5dWkuZWR1ghBJZHNEZXYxLmJ5dWkuZWR1ghBJZHNEZXYyLmJ5dWkuZWR1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADAayQq4l5DqWmgste9KgnqWOkOkjWw7bxu7WOh++oPyaNlyzieaz2ZJXrf4bHHeF5pCA9FUzhpdwGg+iWzt5Wd8L3G50mEUBJKjKgAzkOr9ywoGlPio/GaqqNrMmKhmLQDz6hcIoCk3SXAR5GDzRCjn5PZvboL9l+uTCE0h6Sg8qCRjgIYvOHbN8FhMla2opx2B7mnX5jAnfzfnJgGQZERLDSy8dvYhtXBaxaCzDqfYwZFQjec+IRjHHHLQpAPKzB5ARNe5IYlSMfkbi71kNpaFQ1WAJtAO+9pld5zgA/
OvSamgXd5RBJbXq376LX3r9jcYGpQwJT3hqMl9Qa1B0pY=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">username
</saml2:NameID>
<saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData
InResponseTo="lihfmcpiofkdkhphfbahlndllmmemhldckammgaf"
NotOnOrAfter="2016-12-05T16:25:37.939Z"
Recipient="localhost"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions
NotBefore="2016-12-05T16:20:37.939Z"
NotOnOrAfter="2016-12-05T16:25:37.939Z">
<saml2:AudienceRestriction>
<saml2:Audience>API_PUBLISHER</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement
AuthnInstant="2016-12-05T16:20:37.941Z"
SessionIndex="cbc00514-954b-4de2-8e7b-b50edf9c5976">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute
Name="http://wso2.org/claims/fullname"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml2:AttributeValue
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">username
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
