Unable to resolve outbound message endpoint

Ian Rifkin irifkin at brandeis.edu
Mon Apr 25 15:26:16 EDT 2016


I'm running Shibboleth IdP v3.2.1 and trying to set things up to work with
a vendor (iModules) SP.

In the logs I see that it's "Unable to resolve outbound message endpoint".
Digging deeper I see that the assertion URL in their metadata file and in
the SAML request differ in the latter has &gid=1 appended to the end.

I saw a couple other schools wrote to this list when upgrading to IdPv3 and
that's when I learned about the skipEndpointValidationWhenSigned flag. I
tried applying this to the relying party and in the logs it does say

 Message Handler:  Validation of protocol message signature succeeded,
message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest

But then it still goes on to the EndpointResolutionFailed part.

I will attempt to convey to the vendor that their URLs don't match, but is
there any other way, even as a temporary measure, I can get this to work?

Note: Their metadata file is in InCommon so I don't think I could even edit
it if I wanted to "fix" it for them.



Ian Rifkin '04, MS '09
Software Systems Manager
Library and Technology Services (LTS)
Brandeis University

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160425/2c1264f3/attachment-0001.html>

More information about the users mailing list