SP not using x509 to send AuthnRequest

Losen, Stephen C. (scl) scl at virginia.edu
Wed Feb 7 06:16:55 EST 2018

Hi Juan,

Try sending the SP auth request to the IDP "HTTP-Redirect" endpoint: /idp/profile/SAML2/Redirect/SSO

Stephen C. Losen
ITS - Systems and Storage
University of Virginia
scl at virginia.edu<mailto:scl at virginia.edu>    434-924-0640

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Juan Padilla
Sent: Wednesday, February 07, 2018 4:25 AM
To: users at shibboleth.net
Subject: SP not using x509 to send AuthnRequest

Hi, my SP does not appear to sign any AuthenRequest. There is no KeyDescriptor/X509Cert tags in the SP metadata.

my SP metadata has AuthnRequestsSigned=false already:
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">

I am still getting an "Error Message: Error decoding authentication request message" when trying to redirect to my shib idp at https://myshib/idp/SAML2/POST/SSO. Is there another configuration I need to set in my relying-party.xml?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180207/518f44b5/attachment.html>

More information about the users mailing list