Troubleshooting the "Unable to decode" (IdP 3.3)
O'Dowd, Josh
Josh.O'Dowd at mso.umt.edu
Fri Aug 25 13:20:36 EDT 2017
> It's not encrypted, not in general anyway.
Sorry, just hashed then?
> If there's no SAMLRequest parameter, then it's going to fail to decode, that's just an invalid request. There's nothing to log, there's just nothing there.
Actually, there is a SAMLRequest parameter that I missed, coming after the RelayState parameter, and now I see that only some of the failed requests have a leading RelayState parameter.
Sample access entry for failed request:
[25/Aug/2017:09:24:05 -0600] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /idp/profile/SAML2/Redirect/SLO?RelayState=ss:m
em:18e8f777deec8579d5adfb48fbaf6d9ae296df30c777408c7058488b5509bd70&SAMLRequest=rVbJcqNIEL3rKxzqo8JmEwIUtiNYtLFoAyTBZaIExSKxiSoE6OsHd
dvT7e6ZCffEXLMyX+Z7mUnyjECaFGM9D/MKb+Glggg/NGmSofHXl5d+VWbjHKAYjTOQQjTG3tgUDX1MP5Hjosxx7uVJ/0Hp4uIM4DjPXvoRxgUaE0SSh3H2VKX4CfoVEfsF0Q
...
...
83szyP7Zvz5rr2fWBOi++VbZD5sXv+gu9+EI8OwggcBF7AM4I40oASK5T0B+EHwfjE/RL0bP/wBvf4J&SigAlg=http://www.w3.org/2000/09/xmldsig HTTP/1.1" 40
0 18603
-Josh
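
Added example, not part of the original message or of the IdP's own code: a way to pull the SAMLRequest value out of an access-log line like the one above and check whether it decodes, assuming the standard SAML 2.0 HTTP-Redirect encoding (raw DEFLATE, then base64, then URL-encoding). The function names and all sample data are constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import parse_qs, quote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_redirect_saml(log_line):
    """Return (xml, reason) for the SAMLRequest in one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None, "no request line found"
    # Parameter order is irrelevant: RelayState may or may not come first.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    value = params.get("SAMLRequest", [""])[0]
    if not value:
        return None, "no SAMLRequest parameter"
    try:
        raw = base64.b64decode(value, validate=True)
        xml = zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    except (ValueError, zlib.error) as exc:
        return None, f"undecodable: {exc}"
    return xml.decode("utf-8", errors="replace"), "ok"

# --- constructed sample data (not taken from the thread) ---
def _b64_deflate(xml):
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def _log_line(query):
    return ('[01/Jan/2024:00:00:00 +0000] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 '
            f'"GET /idp/profile/SAML2/Redirect/SLO?{query} HTTP/1.1" 400 18603')

SAMPLE_XML = ('<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')
ENCODED = _b64_deflate(SAMPLE_XML)
GOOD = _log_line(f"RelayState=ss%3Amem%3Aexample&SAMLRequest={quote(ENCODED, safe='')}")
TRUNCATED = _log_line(f"SAMLRequest={quote(ENCODED[:len(ENCODED) // 2], safe='')}")
MISSING = _log_line("RelayState=ss%3Amem%3Aexample")

if __name__ == "__main__":
    for name, line in (("good", GOOD), ("truncated", TRUNCATED), ("missing", MISSING)):
        xml, reason = decode_redirect_saml(line)
        print(f"{name}: {reason}" + (f" -> {xml[:40]}..." if xml else ""))
```

A value cut short in transit or by log line wrapping fails at the base64 or inflate step, which separates that case from a request that carries no SAMLRequest parameter at all.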