septerr
Reputation: 6593
SAML Exception Intended destination endpoint did not match
A client is trying to SSO into our app using SAML and our app throws followimg exception
org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint.
Upvotes: 2
Views: 6850
Answers (1)
septerr
Reputation: 6593
The reason for this exception was missing Destination attribute in the Response element in the the assertion client was sending us. The Response needed to be something like:
<Response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_a8590dae-831c-4142-9fc9-a15f60e972a0" Version="2.0" IssueInstant="2012-02-22T17:08:57Z" Destination="https://client.ourapp.com/product/AssertionConsumer" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
The Destination attribute needed to contain our assertion consumer url.
Upvotes: 0
Related Questions
- Error when trying out sample saml application
- Recipient endpoint doesn't match with SAML response
- Spring SAML: SAML message intended destination endpoint did not match recipient endpoint
- Spring-SAML : Incoming SAML message is invalid
- SAML - Service Provider could not handle the request
- SAML 2.0 invalid request SSOCIRCLE
- Why is this not a valid saml2 request?
- SAML 2.0 Endpoint (HTTP) giving 500 Internal Server error in onelogin
- How to change Spring SAML destination endpoint?
- Message: ID4223: The SamlSecurityToken is rejected because the SamlAssertion.NotOnOrAfter condition is not satisfied