The request cannot be fulfilled because the message received does not meet the security requirements of the login service

Wismer, Doug Doug.Wismer at ellucian.com
Fri Oct 28 18:59:55 UTC 2022 

Trying to find the reason for this error.  "The request cannot be fulfilled because the message received does not meet the security requirements of the login service"

The Metadata config has been checked and is per the vendor's recommendation.

Not seeing errors, but warnings.

2022-10-27 15:11:46,668 - DEBUG [PROTOCOL_MESSAGE:127] - 123.123.123.123 - node01ac1xhe309ceqenezc35zwf2k394828 -
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL=https://somesp.somesp.com/saml-prodtest/token
    Destination=https://sso.it.utsa.edu/idp/profile/SAML2/Redirect/SSO
    ID="_d0fd17d8c3c271dd00e5" IssueInstant="2022-10-27T20:11:37.505Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://host.someissuer.com/</saml:Issuer<https://host.someissuer.com/%3c/saml:Issuer>>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2022-10-27 15:11:46,760 - WARN [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:277] - 123.123.123.123 - node01ac1xhe309ceqenezc35zwf2k394828 - Message Handler:  Simple signature validation (with no request-derived credentials) failed
2022-10-27 15:11:46,761 - WARN [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:214] - 123.123.123.123 - node01ac1xhe309ceqenezc35zwf2k394828 - Message Handler:  Validation of request simple signature failed for context issuer: https://host.someissuer.com/
2022-10-27 15:11:46,762 - WARN [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:202] - 123.123.123.123 - node01ac1xhe309ceqenezc35zwf2k394828 - Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: Validation of request simple signature failed for context issuer
        at org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler.doEvaluate(BaseSAMLSimpleSignatureSecurityHandler.java:216)
2022-10-27 15:11:46,765 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - 123.123.123.123 - node01ac1xhe309ceqenezc35zwf2k394828 - A non-proceed event occurred while processing the request: MessageAuthenticationError

Any help diagnosing is appreciated.  Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221028/6eab185d/attachment.htm>

More information about the users mailing list