Lipscomb, Gary glipscomb at
Thu Mar 26 07:15:58 EDT 2020

Hi Ron,

I think I found the issue just as you posted.

We have in our IdP metadata the following endpoints for SSO

<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location=""/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=""/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location=""/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>

They are sending the AuthnRequest to which is the SAML 1 location for AutnRequest.

Should we still have this entry in our IdP (v3.4.6) metadata?

They should be sending to the SAML2 endpoint   instead.



-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Rod Widdowson
Sent: Thursday, 26 March 2020 21:46
To: 'Shib Users' <users at>
Subject: RE: MessageDecodingException

> Hi List,
> I'm trying to work out what could be mis-configured to cause the following error [1] when trying to log into app.cvent
> Could it be due to the wrong signing certificate used?
> Regards
> Gary

Looks more like the URL that the IDP was called with didn't have a "?providerId= " on it?

Maybe the SP is sending to the wrong binding?

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list