SAML Response Destination gets "URL encoded" on IDP 2.x
Simon Lundström
simlu at su.se
Wed Apr 20 04:39:32 EDT 2016
Hey!
Trying to get a vendor working which supposedly uses ADFS.
They use a base64 encoded token in their AssertionConsumerServiceURL
which our 2.x somehow half URL-encodes (where did the = go?)
I tried to read in saml-bindings-2.0-os.pdf to see if this was OK or not
but I couldn't find anything.
3.x doesn't URL-encode it at all. I know 3.x is the way forward but
we're not ready to switch for at least a month so we'd like to get it
working on 2.x.
Extracts of relevant SAML messages:
<samlp:AuthnRequest
AssertionConsumerServiceURL="http://test.tendsign.com/login.aspx?SAML2ID=OHMIt1yahNTN2uBJ/oIObQA="
Destination="https://idp-test.it.su.se/idp/profile/SAML2/POST/SSO" ForceAuthn="false"
ID="tsid51D6[…]44D2" IsPassive="false"
IssueInstant="2016-04-20T08:25:40Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="" Version="2.0" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
[…]
<saml2p:Response Destination="http://test.tendsign.com/login.aspx?SAML2ID=OHMIt1yahNTN2uBJ%2FoIObQA"
ID="_e2b9[…]5d52" InResponseTo="tsid51D6[…]44D2"
IssueInstant="2016-04-20T08:25:40.742Z" Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
[…]
BR,
- Simon
____________________________________
Simon Lundström
Section for Infrastructure
IT Services
Stockholm University
SE-106 91 Stockholm, Sweden
www.su.se/english/staff-info/it
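
The comparison made by eye in the message above, as an added example (not part of the original post and not Shibboleth code): it separates a difference that is only percent-encoding from one where the parameter value itself changed. The function names `raw_query_pairs` and `compare_urls` are hypothetical; the two URLs are copied from the quoted SAML messages.

```python
from urllib.parse import urlsplit, unquote

# Values copied from the two SAML messages quoted in the post.
ACS_URL = "http://test.tendsign.com/login.aspx?SAML2ID=OHMIt1yahNTN2uBJ/oIObQA="
DESTINATION = "http://test.tendsign.com/login.aspx?SAML2ID=OHMIt1yahNTN2uBJ%2FoIObQA"


def raw_query_pairs(url):
    """Split the query on '&' and on the first '=' only, without decoding anything."""
    query = urlsplit(url).query
    pairs = []
    for part in (query.split("&") if query else []):
        name, _, value = part.partition("=")
        pairs.append((name, value))
    return pairs


def compare_urls(requested, issued):
    """Classify each difference between the requested ACS URL and the issued Destination."""
    req, iss = urlsplit(requested), urlsplit(issued)
    report = {
        "exact_match": requested == issued,
        "same_endpoint": (req.scheme, req.netloc, req.path) == (iss.scheme, iss.netloc, iss.path),
        "params": [],
    }
    issued_pairs = dict(raw_query_pairs(issued))
    for name, req_val in raw_query_pairs(requested):
        iss_val = issued_pairs.get(name)
        if iss_val is None:
            status = "missing"
        elif iss_val == req_val:
            status = "identical"
        elif unquote(iss_val) == unquote(req_val):
            status = "encoding-only"  # same characters after percent-decoding
        else:
            status = "value-changed"  # characters lost or altered, not just re-encoded
        report["params"].append((name, req_val, iss_val, status))
    return report


if __name__ == "__main__":
    result = compare_urls(ACS_URL, DESTINATION)
    print("exact match:", result["exact_match"], "| same endpoint:", result["same_endpoint"])
    for name, req_val, iss_val, status in result["params"]:
        print(f"{name}: {req_val!r} -> {iss_val!r} [{status}]")
```

For the URLs in the post the parameter is reported as `value-changed`: decoding `%2F` restores the `/`, but the trailing `=` is absent from the Destination.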