IDP03 unsolicited sso support

Rod Widdowson rdw at
Thu May 7 09:15:54 EDT 2015

> Does it mean that if I go to
> https://iis.authasas.local/idp/profile/SAML2/Unsolicited/SSO?providerId=
> in my browser then it should work?

Yes, and indeed it does work (in that the initiated IO works).

> I got an error message and few records in idp logfile:
> 2015-05-07 15:49:33,070 - ERROR [] 
> - SPSSODescriptor for entity ID '' indicates AuthnRequests must be signed, but inbound message was not signed

I'm sure we had this recently but I cannot find the link.  

This means that your metadata for salesforce is wrong.  Look for "AuthnRequestsSigned" in the SPSSODescriptor.


More information about the users mailing list