SAML And Invalid Arguments

Another silly support tip for Domino and Third Party SAML XML documents,

If you are hitting this post it is most likely you got here via a google search, so it does not have the whole back ground on SAML but after creating a Idp configuration and restarting you might get this line in the console:

HTTP Server: Error reading IdP configuration for server saml XXX.XXX.XXX.XXX:Invalid arguments

This odd little error is nearly always down to character returns in the X509 certificate in the imported XML file (easy to find and fix just go and edit the XML document provided by your SAML provider and remove them)

However the XML document I had did not have any character returns (cue a little head scratching), what it did have right at the sodding end of the very long line was an extra space….

so in the <ds:X509Certificate> tag in the SAML Import XML make sure you don’t have ANY characters that are not part of the certificate.

If this still does not work and you actually want to see if you have got a proper certificate you can you the wonderful to have a good look at it

Just get the text in between the <ds:X509Certificate>CERT TEXT</ds:X509Certificate> tags and paste it into a empty text file with a *.cer extension, then open it up with the “inspect a certificate” Option.

Sametime 901 and IP6

Now I don’t do Sametime very much, its a area of horror I leave to people like Gab Davis, but this this was a fix that Gab found that I felt needing sharing

So it was a standard install on a client site on clean windows 2012 servers built by the client. with only basic services to be provided, simples eh?


instead we get this bundle of fun when trying to login on the web client for meetings

CommunityServ W doService, SID:
12345678-AAAA-1234-ZZZZ-123456789555 CLFRX0030E: Login is not completed in 10 seconds. User XXXX XXXX will be logged out.
that login is not completed in 10 secs

After a good deal of grumbling and checking of settings it was decided to make sure IP6 was not used, I checked in the windows setting and it did not look as if it was enabled, Gab however point out that that would not be enough and sent me to this

which is a little download to completely disable the feature, I ran it on a the various servers and voilà , suddenly everything works.

Just a tip in case it is needed……

Salesforce Pardot Multi Completion Rules

I do pardot implementations amongst my other salesforce stuff, which always seem to involve a number of hacks to bend the Salesforce and Pardot functions to meet the existing behaviours that the client wants.

Now pardot has “completion actions” these are very useful jobs that are performed when a form is submitted, but limited in that they are not conditional, i.e. you cant say “if field X = Y then do W action else do Z action”, Pardot them selves show you a way round this using form field based completion actions.

This is a nice trick and can be used as a base for more complex things, namely running MULTIPLE completion actions, an example of which is shown below

<script type="text/javascript">
var email = encodeURIComponent('%%email{js}%%')
case 'true': document.write('<iframe src="FORM_HANDLER_1_URL?email=' + email + '" height="1px" width="1px" ></iframe>');
case '': document.write('<iframe src="FORM_HANDLER_2_URL?email=' + email + '" height="1px" width="1px" ></iframe>');
case 'true': document.write('<iframe src="FORM_HANDLER_3_URL?email=' + email + '" height="1px" width="1px" ></iframe>');
case '': document.write('<iframe src="FORM_HANDLER_4_URL?email=' + email + '" height="1px" width="1px" ></iframe>');

This means that you can run a lot of conditional rules based on the fields in the one form, the most common use I make of this is of a [Custom Email Preference Center Pages]( but one where a user can fill in more details than just their email address.
Oh one final note, you will see on the pardot instructions they close their iframes with a “/>” this wont work if you have multiple iframes on one page you need to close of iframes properly with “</iframe>”