IDP03 unsolicited sso support

Cantor, Scott cantor.2 at
Thu May 7 09:55:01 EDT 2015

On 5/7/15, 9:32 AM, "Peter Schober" <peter.schober at> wrote:

>* Alexander Galilov <alexander.galilov at> [2015-05-07 14:56]:
>> 2015-05-07 15:49:33,070 - ERROR
>> []
>> - SPSSODescriptor for entity ID ''
>> indicates AuthnRequests must be signed, but inbound message was not signed
>If that vendor indeed communicates (via SAML metadata) that the
>authentication requests it generates need to by signed by it, then
>they better start generating authentication requests.
>I'd open a support request for them to get SP-initiated SSO working,
>instead of messing around with IDP-initiated.

Salesforce *is* SP initiated, it works as well as any other bad implementation. I believe their metadata is broken and indicates it's going to sign the requests, but doesn't. That's certainly the cause of the error anyway, which should be pretty self-evident.

-- Scott

More information about the users mailing list