Troubleshooting the "Unable to decode" (IdP 3.3)

O'Dowd, Josh Josh.O'Dowd at
Fri Aug 25 13:20:36 EDT 2017

> It's not encrypted, not in general anyway.

Sorry , just hashed then?

> I If there's no SAMLRequest parameter, then it's going to fail to decode, that's just an invalid request. There's nothing to log, there's just nothing there.

Actually, there is a SAMLRequest parameter that I missed, coming after the RelayState parameter, and now I see that only some of the failed requests have a leading RelayState parameter.
Sample access entry for failed request:
[25/Aug/2017:09:24:05 -0600] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /idp/profile/SAML2/Redirect/SLO?RelayState=ss:m
83szyP7Zvz5rr2fWBOi++VbZD5sXv+gu9+EI8OwggcBF7AM4I40oASK5T0B+EHwfjE/RL0bP/wBvf4J&SigAlg= HTTP/1.1" 40
0 18603


More information about the users mailing list