Spring Security Saml + Idp 3.1.2: The application you have accessed is not registered for use with this service

Brent Putman putmanb at georgetown.edu
Wed Aug 26 14:53:49 EDT 2015

On 8/26/15 8:55 AM, Павел Шашко wrote:
> But after the redirect from the IdP login page back to the app I get an error:
> HTTP Status 401 - Authentication Failed: Error decoding incoming SAML
> message
> and in the log:
>  Cannot localize sender entity by SHA-1 hash from the artifact at
> org.springframework.security.saml.websso.ArtifactResolutionProfileBase.resolveArtifact(ArtifactResolutionProfileBase.java:77) 

One question is: why are you using SAML Artifact binding?  That's not
very typical for standard web SSO.

> I understand that the problem is on the side of
> spring-security-saml, but maybe you can tell me where to find the
> problem?
> Full description of my problem on Stack Overflow:
> http://stackoverflow.com/questions/32221517/spring-security-saml-cannot-localize-sender-entity-by-sha-1-hash-from-the-artif
> Similar problem: http://forum.spring.io/forum/spring-projects/security/saml/723768-http-status-401-authentication-failed-error-decoding-incoming-saml-message

Well, I'm not familiar with Spring Security's SAML support, but the 2nd
forum thread hints at the problem and solution at the end where it says:

> Hi,
> I solved this problem - it was related with no metadata related with
> received id of IdP. After adding it, this problem has gone.
> Unfortunately, there was no information about received id of IDP in logs.

I.e. your SP needs metadata for the IdP.
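
Added example, not part of the original thread and not Spring Security SAML's code: a SAML 2.0 type 0x0004 artifact carries a 20-byte SourceID that is the SHA-1 of the issuer's entityID, and the SP can only map it back to an IdP whose entityID is in its loaded metadata. The sketch below decodes that layout and reproduces the lookup; the entityIDs and the artifact are constructed sample values.

```python
import base64
import hashlib

TYPE_0004 = b"\x00\x04"  # SAML 2.0 artifact type code (SAML Bindings, 3.6.4)


def source_id_for(entity_id):
    """SourceID is the SHA-1 digest of the issuer's entityID string."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def parse_artifact(b64_artifact):
    """Split a base64 type 0x0004 artifact (the URL-decoded SAMLart value)."""
    raw = base64.b64decode(b64_artifact, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be 44 bytes, got %d" % len(raw))
    if raw[:2] != TYPE_0004:
        raise ValueError("unsupported artifact type 0x%s" % raw[:2].hex())
    return {
        "endpoint_index": int.from_bytes(raw[2:4], "big"),
        "source_id": raw[4:24],        # which IdP issued the artifact
        "message_handle": raw[24:44],  # opaque reference to the stored message
    }


def localize_sender(b64_artifact, known_entity_ids):
    """Return the entityID matching the artifact's SourceID, or None.

    known_entity_ids stands in for the entityIDs found in the SP's metadata.
    """
    source_id = parse_artifact(b64_artifact)["source_id"]
    for entity_id in known_entity_ids:
        if source_id_for(entity_id) == source_id:
            return entity_id
    return None


def build_artifact(entity_id, endpoint_index=0, handle=bytes(20)):
    """Build a constructed sample artifact so the demo runs offline."""
    raw = (TYPE_0004 + endpoint_index.to_bytes(2, "big")
           + source_id_for(entity_id) + handle)
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    idp = "https://idp.example.org/idp/shibboleth"   # constructed entityID
    artifact = build_artifact(idp, endpoint_index=1)
    # SP without the IdP's metadata: lookup fails, as in the logged error.
    print(localize_sender(artifact, ["https://other.example.org/idp"]))
    # SP with the IdP's metadata loaded: the sender is found.
    print(localize_sender(artifact, ["https://other.example.org/idp", idp]))
```

Comparing the hex of `source_id` from a failing login against the SHA-1 of each entityID the SP has loaded shows whether the IdP's metadata is missing or registered under a different entityID.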
