Unable to decode incoming request

Michael Dahlberg olgamirth at gmail.com
Tue Mar 13 16:03:59 EDT 2018

On Tue, Mar 13, 2018 at 12:46 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> > I'm working with an SP that has provided their metadata to me.  I've
> made the
> > necessary configuration changes to our IdP.  However, when I navigate to
> their
> > test URL, I'm returned back to our IdP with a "Something went wrong"
> error
> > page. The log entries state that its unable to decode the incoming
> request
> > (they're using RSA +SHA1 for signing) which is immediately followed by a
> > opensaml error:
> They're pointing at an incorrect endpoint at the IdP, not the SAML 2 SSO
> endpoint.
I think you're absolutely correct: the SSO endpoint in the metadata is
https://example.bucknell.edu:443/commonauth and they're having me navigate
to https://example.bucknell.edu/cas/login?service=https://www.google.com
(sorry for the "example" part; not sure they'd want the real URLs in a
public forum).  I've tried adding the SSO endpoint
https://example.bucknell.edu/cas/login, but that has the same result.
Usually, I can find the endpoint in the AuthnReq in the debug logs, but not
in this case.  It's just "can't decode, end".  Is there any way I can
determine what the endpoint is so that I can add it to their metadata so
that my IdP decodes the request and generates a SAML Response?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180313/b776e1f1/attachment.html>

More information about the users mailing list