IDP03 unsolicited sso support
Rod Widdowson
rdw at steadingsoftware.com
Thu May 7 09:15:54 EDT 2015
> Does it mean that if I go to
>
> https://iis.authasas.local/idp/profile/SAML2/Unsolicited/SSO?providerId=https://authtest.my.salesforce.com
>
> in my browser then it should work?
Yes, and indeed it does work (in that the initiated IO works).
> I got an error message and few records in idp logfile:
>
> 2015-05-07 15:49:33,070 - ERROR [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:75]
> - SPSSODescriptor for entity ID 'https://authtest.my.salesforce.com' indicates AuthnRequests must be signed, but inbound message was not signed
I'm sure we had this recently but I cannot find the link.
This means that your metadata for salesforce is wrong. Look for "AuthnRequestsSigned" in the SPSSODescriptor.
/R
More information about the users
mailing list