glipscomb at csu.edu.au
Thu Mar 26 07:15:58 EDT 2020
I think I found the issue just as you posted.
We have in our IdP metadata the following endpoints for SSO
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idpdev.csu.edu.au/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idpdev.csu.edu.au/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idpdev.csu.edu.au/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idpdev.csu.edu.au/idp/profile/SAML2/Redirect/SSO"/>
They are sending the AuthnRequest to https://idpdev.csu.edu.au/idp/profile/Shibboleth/SSO which is the SAML 1 location for AutnRequest.
Should we still have this entry in our IdP (v3.4.6) metadata?
They should be sending to the SAML2 endpoint https://idpdev.csu.edu.au/idp/profile/SAML2/POST/SSO instead.
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Rod Widdowson
Sent: Thursday, 26 March 2020 21:46
To: 'Shib Users' <users at shibboleth.net>
Subject: RE: MessageDecodingException
> Hi List,
> I'm trying to work out what could be mis-configured to cause the following error  when trying to log into app.cvent
> Could it be due to the wrong signing certificate used?
Looks more like the URL that the IDP was called with didn't have a "?providerId=https://example.org/entity " on it?
Maybe the SP is sending to the wrong binding?
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users