SAML AuthnRequest not accepted
morgan at orst.edu
Wed Nov 5 19:06:47 EST 2014
On Wed, 5 Nov 2014, Cantor, Scott wrote:
> On 11/5/14, 11:11 PM, "Andrew Morgan" <morgan at orst.edu> wrote:
>> ERROR [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:200] -
>> SAML message intended destination endpoint URI required by binding was
> That's a missing Destination attribute, so...
>> Here is the working SAML from the prod instance:
> That is in fact not a working message. The one that worked had a
> Destination attribute in the root element.
Well... It works somehow. I captured that SAML using SAML tracer in
Firefox, and I can successfully login to the prod instance. No error
message is put in the idp-process.log when the request comes from the prod
If you'd like to capture the SAML request yourself, here are the URLs:
beta (failing): https://oregonstate.beta.instructure.com/login
prod (working): https://oregonstate.instructure.com/login
Both of them are missing the Destination attribute. I'm using IDP v2.4.0.
More information about the users