Unable to resolve outbound message endpoint

Cantor, Scott cantor.2 at osu.edu
Mon Apr 25 15:36:49 EDT 2016

> I saw a couple other schools wrote to this list when upgrading to IdPv3 and
> that's when I learned about the skipEndpointValidationWhenSigned flag. I
> tried applying this to the relying party and in the logs it does say
>  Message Handler:  Validation of protocol message signature succeeded,
> message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
> But then it still goes on to the EndpointResolutionFailed part.

Well, there's IDP-773, but it was fixed in V3.2.0. I don't know of any explanation for it not working after that. I'm definitely using it now, so I know it works, though I'm on a snapshot. Should work fine in 3.2.1 though.

Occam's razor might suggest you're not on the version you think.

> I will attempt to convey to the vendor that their URLs don't match, but is
> there any other way, even as a temporary measure, I can get this to work?

Not really, short of draconian approaches like loading no metadata for it and enabling unverified relying party use.

-- Scott

More information about the users mailing list