SAML AuthnRequest not accepted

Andrew Morgan morgan at
Wed Nov 5 19:06:47 EST 2014

On Wed, 5 Nov 2014, Cantor, Scott wrote:

> On 11/5/14, 11:11 PM, "Andrew Morgan" <morgan at> wrote:
>> ERROR [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:200] -
>> SAML message intended destination endpoint URI required by binding was
>> empty
> That's a missing Destination attribute, so...
>> Here is the working SAML from the prod instance:
> That is in fact not a working message. The one that worked had a
> Destination attribute in the root element.

Well...  It works somehow.  I captured that SAML using SAML tracer in 
Firefox, and I can successfully login to the prod instance.  No error 
message is put in the idp-process.log when the request comes from the prod 

If you'd like to capture the SAML request yourself, here are the URLs:

   beta (failing):

   prod (working):

Both of them are missing the Destination attribute.  I'm using IDP v2.4.0.


More information about the users mailing list