IDP03 unsolicited sso support
Cantor, Scott
cantor.2 at osu.edu
Thu May 7 09:55:01 EDT 2015
On 5/7/15, 9:32 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
>* Alexander Galilov <alexander.galilov at gmail.com> [2015-05-07 14:56]:
>> 2015-05-07 15:49:33,070 - ERROR
>> [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:75]
>> - SPSSODescriptor for entity ID 'https://authtest.my.salesforce.com'
>> indicates AuthnRequests must be signed, but inbound message was not signed
>
>If that vendor indeed communicates (via SAML metadata) that the
>authentication requests it generates need to by signed by it, then
>they better start generating authentication requests.
>I'd open a support request for them to get SP-initiated SSO working,
>instead of messing around with IDP-initiated.
Salesforce *is* SP initiated, it works as well as any other bad implementation. I believe their metadata is broken and indicates it's going to sign the requests, but doesn't. That's certainly the cause of the error anyway, which should be pretty self-evident.
-- Scott
More information about the users
mailing list