SAML Response Destination gets "URL encoded" on IDP 2.x

Simon Lundström simlu at
Wed Apr 20 04:39:32 EDT 2016


Trying to get a vendor working which supposedly uses ADFS.

They use an base64 encoded token in their AssertionConsumerServiceURL
which our 2.x some how half URL-encodes (where did the = go?)

I tried to read in saml-bindings-2.0-os.pdf to see if this was OK or not
but I couldn't find anything.

3.x doesn't URL-encode it at all. I know 3.x is the way forward but
we're not ready to switch for at least a month so we'd like to get it
working on 2.x.

Extracts of relevant SAML messages:

   Destination="" ForceAuthn="false"
   ID="tsid51D6[…]44D2" IsPassive="false"
   IssueInstant="2016-04-20T08:25:40Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   ProviderName="" Version="2.0" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
   xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs=""

<saml2p:Response Destination=""
   ID="_e2b9[…]5d52" InResponseTo="tsid51D6[…]44D2"
   IssueInstant="2016-04-20T08:25:40.742Z" Version="2.0"

- Simon


Simon Lundström
Section for Infrastructure

IT Services
Stockholm University
SE-106 91 Stockholm, Sweden

More information about the users mailing list