Request missing SAMLResponse or TARGET form parameters.

Cantor, Scott cantor.2 at osu.edu
Wed Dec 3 09:51:48 EST 2014


On 12/3/14, 11:09 AM, "Shirlei" <shirlei at gmail.com> wrote:

>Hello!
>Guys, I'm trying to communicate a shibboleth sp to a simplesaml idp and at
>the end of the login process, I got this error:
>
>opensaml::BindingException at
>(https://200.237.193.112/Shibboleth.sso/SAML/POST)
>Request missing SAMLResponse or TARGET form parameters.

That means what it says. Whatever you're doing, it's not a proper 
integration. SSP works just fine, so you're doing something wrong 
yourself, apparently trying to access the SP's SAML endpoint by hand or 
something.

>I know by reading other threads that this is version related.

No, it's not.

> I installed saml tracer plugin and I can see that:
>
><saml1p:Response
>xmlns:saml1p=&quot;urn:oasis:names:tc:SAML:1.0:protocol&quot;
>                 IssueInstant=&quot;2014-12-03T10:59:16.133Z&quot;
>                 MajorVersion=&quot;1&quot;
>                 MinorVersion=&quot;1&quot;
>                
>Recipient=&quot;https://&lt;HOST>/simplesaml/module.php/saml/sp/saml1-acs.
>php/default-sp"

That shows a response issued to a SimpleSAML SP, not a Shibboleth SP.

>(...)
>
>    <saml1:Assertion
>xmlns:saml1=&quot;urn:oasis:names:tc:SAML:1.0:assertion&quot;
>                    
>AssertionID=&quot;_161dee348388d012ea9243e8c72cd860&quot;
>                     IssueInstant=&quot;2014-12-03T10:59:16.133Z&quot;
>                     Issuer=&quot;https://&lt;HOST>/idp/shibboleth"

And that suggests (just due to conventions for entityIDs) that the IdP is 
Shibboleth. Exactly the opposite of what you claim to be doing.

>Where should I put effort to solve this version issue: on the sp side or 
>on
>the IdP side? This is not clear to me.

It isn't clear to me what you're even doing.

-- Scott



More information about the users mailing list