Unable to decode incoming request
Ryan Suarez
ryan.suarez at sheridancollege.ca
Tue Jul 16 11:32:54 EDT 2019
Greetings,
I'm federating my Shib v3.4.4 IdP with some SP. IdP-initiated SSO works fine but I'm having issues with SP-initiated SSO. I get the following error:
2019-07-16 11:11:39,487 - 192.168.0.12 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: UnableToDecode
2019-07-16 11:11:39,486 - 192.168.0.12 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action DecodeMessage: Unable to decode incoming request
Any idea what the issue is?
SAML Tracer shows POST to https://my.idp.ca/idp/profile/Shibboleth/SSO but getting error 400 Bad Request:
POST https://my.idp.ca/idp/profile/Shibboleth/SSO HTTP/1.1
Host: my.idp.ca
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://some.sp.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 937
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 400 Bad Request
Expires:
Cache-Control: no-store
Content-Type: text/html;charset=utf-8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=0
Content-Security-Policy: frame-ancestors 'none';
Content-Length: 2275
Server: Jetty(9.4.18.v20190429)
Set-Cookie: JSESSIONID=node0m50nnxt9exg419d1qsq8e0js6324708.node0;Path=/idp;Secure;HttpOnly
bigip=1946498958.36895.0000; path=/
bbbbbbbbbbbbbbb=PJNDFFCJIGHOJFABDOLMOAGOGMKIOADNGFOJFJAEEKCDDOLCEHABHPKEJNOAMCBALKNJKAEHHGJNDBMDHOBBBLKMPLJFJKMOEAAKPPEFMLBGGAEGDNEIIAEIGOJGECHE; HttpOnly; secure
SAML Auth Request:
<saml2p:AuthnRequest Destination="https://my.idp.ca/idp/profile/Shibboleth/SSO"
                     ForceAuthn="false"
                     ID="LI_qd47rn684941iui6hebvqmdqc4"
                     IsPassive="false"
                     IssueInstant="2019-07-16T15:18:29.733Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                     Version="2.0"
                     xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://some.sp.com/someEndPoint/ABEAAAAAAAAirCEAAAAAAuNRbAHzAzyYcMFFTC97fZ9C4TfaBxvDtg</saml2:Issuer>
  <saml2p:NameIDPolicy AllowCreate="true" />
</saml2p:AuthnRequest>
regards,
Ryan
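
An added example, not part of the original post and not Shibboleth's own code: a check that the Destination of a captured AuthnRequest names an endpoint that decodes that protocol and HTTP method. The endpoint table assumes the default Shibboleth IdP v3 paths, and the sample requests are constructed, modelled on the one posted above with a placeholder Issuer.

```python
import xml.etree.ElementTree as ET  # for untrusted XML prefer defusedxml
from urllib.parse import urlparse

SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Assumption: default Shibboleth IdP v3 endpoint paths; a deployment may differ.
# suffix -> (protocol the endpoint decodes, HTTP method it requires or None)
ENDPOINTS = {
    "/profile/Shibboleth/SSO": ("Shibboleth 1.x AuthnRequest", None),
    "/profile/SAML2/Redirect/SSO": ("SAML 2.0", "GET"),
    "/profile/SAML2/POST/SSO": ("SAML 2.0", "POST"),
    "/profile/SAML2/POST-SimpleSign/SSO": ("SAML 2.0", "POST"),
}

def check_delivery(authn_request_xml, http_method):
    """Return the mismatches between a SAML 2.0 AuthnRequest and its Destination."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != "{%s}AuthnRequest" % SAML2P:
        return ["not a SAML 2.0 AuthnRequest: " + root.tag]
    dest = root.get("Destination")
    if not dest:
        return ["AuthnRequest carries no Destination attribute"]
    path = urlparse(dest).path
    match = next((v for k, v in ENDPOINTS.items() if path.endswith(k)), None)
    if match is None:
        return ["Destination path %s is not a known default SSO endpoint" % path]
    protocol, method = match
    problems = []
    if protocol != "SAML 2.0":
        problems.append("SAML 2.0 AuthnRequest addressed to a %s endpoint (%s)"
                        % (protocol, path))
    if method and method != http_method.upper():
        problems.append("endpoint requires HTTP %s, request used %s"
                        % (method, http_method.upper()))
    return problems

# Constructed samples modelled on the posted request (Issuer is a placeholder).
TEMPLATE = ('<saml2p:AuthnRequest xmlns:saml2p="%s" Version="2.0" ID="_constructed1" '
            'IssueInstant="2019-07-16T15:18:29Z" Destination="%s">'
            '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
            'https://sp.example.org/sp</saml2:Issuer></saml2p:AuthnRequest>')
AS_POSTED = TEMPLATE % (SAML2P, "https://my.idp.ca/idp/profile/Shibboleth/SSO")
SAML2_POST = TEMPLATE % (SAML2P, "https://my.idp.ca/idp/profile/SAML2/POST/SSO")

if __name__ == "__main__":
    for name, xml in (("as posted", AS_POSTED), ("SAML2 POST endpoint", SAML2_POST)):
        print(name, "->", check_delivery(xml, "POST") or "consistent")
```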