Reputation: 58
ERROR: `InResponseTo` does not match any of the possible request IDs (expected [])
I'm configuring a PingFederate IdP with a Shibboleth Service Provider. When I click on the SSO Application Endpoint in the SP connection of Ping, after entering the username password I get this error message in my SP logs:
ERROR: InResponseTo does not match any of the possible request IDs (expected [])
The response does not have an InResponseTo attribute. What could be causing this error?
Upvotes: 1
Views: 3483
Answers (1)
Reputation: 3341
Using the link at the top of the SP connection will start an IdP-initiated SSO transaction. By spec, IdP-initiated responses are considered "unsolicited responses", and cannot contain InResponseTo. You will need to fix your SP so that it requires InResponseTo only when your SP initiates the transaction.
Upvotes: 3
Related Questions
- Error when connecting to a SAML 2.0 IdP that uses shibboleth
- PingFederate SLO - Status Message: Invalid signature
- PingFederate: Error Signature Required on SP Initiated Login
- SAML SSO QueryString is dropped
- SAML - Service Provider could not handle the request
- Spring Security SAML with PingIdentity/ PingFederation, InResponseToField of the Response doesn't correspond to sent message
- NameID element must be present as part of the Subject
- Error Message: No peer endpoint available to which to send SAML response
- Shibboleth not appending any nameid to SAML response
- Shibboleth Attribute Query SAML error: Inbound message issuer was not authenticated