Web Login Service - Message Security Error

Peter Schober peter.schober at univie.ac.at
Mon Feb 17 07:57:02 EST 2020

* liquid89 <p.nem at pnem.at> [2020-02-17 09:47]:
> The Client goes to 
> https://portal.test.de  --> https://portal.test.de/idp/shibboleth ... but the
> internal redirect doesn't work and that's why the Error: 
>  'https://portal.test.de/idp/profile/SAML2/Redirect/SSO' did not match the
>  recipient endpoint 'http://servername:8443/idp/profile/SAML2/Redirect/SSO'

That's not a problem of a redirect not working -- which would manifest
itself in your web browser internally rendering an error message,
along the lines of not being able to connect to the server -- it's an
error message from the IDP application that the endpoint details from
the SAML don't match what it thinks is its own configuration:

The endpoint details are using http (not https), a different host name
(AFAICT, from your obfuscation attempts) and a different port (8443,
not 443). But something virtualises all those things and makes your
server available at https://portal.test.de/, no?

Tomcat's http connector allows you to virtualise the scheme (http) and
also the server name and port, cf.
so if there's some kind of proxy or TLS offloading involved that's
what you'd need to configure.

If there is no other system/server involved then I'd need to know how
exactly you've configured Tomcat to be able to be accessed at
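
The connector attributes referred to above, as an added example that is not part of the original message or of the poster's actual configuration. It assumes a reverse proxy or TLS offloader serves https://portal.test.de/ on port 443 and forwards plain HTTP to Tomcat on port 8443; the host name and ports are taken from the quoted error message.

```xml
<!-- Added example for Tomcat's conf/server.xml. The two Connector elements
     are alternatives (before and after), not meant to coexist. -->

<!-- Before: no proxy attributes. Tomcat reports the scheme, host and port of
     the backend connection to the web application, so the IdP computes its
     own endpoint as
     http://servername:8443/idp/profile/SAML2/Redirect/SSO
     and rejects a SAML message addressed to
     https://portal.test.de/idp/profile/SAML2/Redirect/SSO -->
<Connector port="8443" protocol="HTTP/1.1" />

<!-- After: the connector still listens for plain HTTP on 8443, but tells the
     web application the externally visible values:
       scheme     what request.getScheme() returns
       secure     what request.isSecure() returns
       proxyName  what request.getServerName() returns
       proxyPort  what request.getServerPort() returns
     Assumption: TLS is terminated by a proxy in front of Tomcat. -->
<Connector port="8443" protocol="HTTP/1.1"
           scheme="https"
           secure="true"
           proxyName="portal.test.de"
           proxyPort="443" />
```

With `secure="true"` Tomcat treats every request arriving on this connector as if it had come in over TLS, so the connector should be reachable only from the proxy and not directly by clients.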

