SP not using x509 to send AuthnRequest
Juan Padilla
juan.padilla at nxp.com
Wed Feb 7 15:20:45 EST 2018
Thanks Stephen, changing from POST/SSO to Redirect/SSO got the ball rolling to finally debug the rest of the SAML payloads to get it all working.
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Juan Padilla
Sent: Wednesday, February 7, 2018 3:25 AM
To: users at shibboleth.net
Subject: SP not using x509 to send AuthnRequest
This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing<http://aka.ms/LearnAboutSpoofing>
Feedback<http://aka.ms/SafetyTipsFeedback>
Hi, my SP does not appear to sign any AuthenRequest. There is no KeyDescriptor/X509Cert tags in the SP metadata.
my SP metadata has AuthnRequestsSigned=false already:
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
I am still getting an "Error Message: Error decoding authentication request message" when trying to redirect to my shib idp at https://myshib/idp/SAML2/POST/SSO. Is there another configuration I need to set in my relying-party.xml?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180207/8e5507b4/attachment.html>
More information about the users
mailing list