Unable to resolve outbound message endpoint
Cantor, Scott
cantor.2 at osu.edu
Mon Apr 25 15:36:49 EDT 2016
> I saw a couple other schools wrote to this list when upgrading to IdPv3 and
> that's when I learned about the skipEndpointValidationWhenSigned flag. I
> tried applying this to the relying party and in the logs it does say
>
> Message Handler: Validation of protocol message signature succeeded,
> message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
>
> But then it still goes on to the EndpointResolutionFailed part.
Well, there's IDP-773, but it was fixed in V3.2.0. I don't know of any explanation for it not working after that. I'm definitely using it now, so I know it works, though I'm on a snapshot. Should work fine in 3.2.1 though.
Occam's razor might suggest you're not on the version you think.
> I will attempt to convey to the vendor that their URLs don't match, but is
> there any other way, even as a temporary measure, I can get this to work?
Not really, short of draconian approaches like loading no metadata for it and enabling unverified relying party use.
-- Scott
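
The mismatch discussed in this thread can be confirmed offline by comparing the endpoint named in the AuthnRequest with the ones in the SP's metadata. The following is an added example, not part of the original post and not Shibboleth code; the XML is constructed sample data, and the exact string comparison is an assumption about how strictly the IdP matches.

```python
# Added diagnostic example; all XML below is constructed sample data.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2016-04-25T19:00:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://sp.example.org/SAML/acs/"/>"""


def metadata_endpoints(metadata_xml):
    """Return the set of (Binding, Location) pairs the SP registered."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return {(e.get("Binding"), e.get("Location")) for e in root.iterfind(path, NS)}


def check_request(request_xml, metadata_xml):
    """Compare the requested ACS endpoint with metadata (exact match, assumed)."""
    req = ET.fromstring(request_xml)
    url = req.get("AssertionConsumerServiceURL")
    binding = req.get("ProtocolBinding")
    endpoints = metadata_endpoints(metadata_xml)
    locations = {loc for _, loc in endpoints}
    if url is None:
        return "ok: no ACS URL in request, the metadata default applies"
    if (binding, url) in endpoints or (binding is None and url in locations):
        return "ok: requested endpoint is registered in metadata"
    # Point out near misses so the vendor can be told exactly what to fix.
    near = [l for l in locations if l.rstrip("/").lower() == url.rstrip("/").lower()]
    hint = f" (differs only by case or trailing slash from {near[0]})" if near else ""
    return f"mismatch: {url} not in metadata{hint}"


if __name__ == "__main__":
    print(check_request(AUTHN_REQUEST, SP_METADATA))
```

Requests that use AssertionConsumerServiceIndex instead of a URL are not covered by this check.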