Reputation: 768
While trying to set up an SSO connection (SP-initiated) between my SP and an IdP using ADFS, I am not able to get an answer from the IdP. The problem is that this IdP is a black box and I do not have control over it.
So, doing some debugging, I checked that my query was valid and well formatted using this tool and got this message:
Invalid SAML AuthN Request. Not match the saml-schema-protocol-2.0.xsd
But there are no more details, and even when I check the SAML protocol schema, I can't find where the problem is with this request:
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_2e674db5054e407c30af"
Version="2.0"
IssueInstant="2019-05-10T09:39:52Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="https://my-sp.com/callback">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sp_name
</saml:Issuer>
<samlp:NameIDPolicy
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
AllowCreate="true">
</samlp:NameIDPolicy>
<samlp:RequestedAuthnContext
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Comparison="exact">
<saml:AuthnContextClassRef
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Did I miss a required field, or is one value not well formatted?
Upvotes: 2
Views: 2327
Reputation: 90
First of all, you should use the "Validate XML with the XSD schema" tool. When I did this, I got:
Line: 14 | Column: 0 --> Element '{urn:oasis:names:tc:SAML:2.0:protocol}NameIDPolicy': Character content is not allowed, because the content type is empty.
So, I've removed the tag </samlp:NameIDPolicy> and just self-closed your NameIDPolicy element, as below:
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="_2e674db5054e407c30af"
Version="2.0"
IssueInstant="2019-05-10T09:39:52Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="https://my-sp.com/callback">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">sp_name
</saml:Issuer>
<samlp:NameIDPolicy
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
AllowCreate="true" />
<samlp:RequestedAuthnContext
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
Comparison="exact">
<saml:AuthnContextClassRef
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Hope it helps.
Upvotes: 2
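As an added illustration of the answer's diagnosis (not code from the question or answer above): a small stdlib-only preflight check that flags samlp elements whose schema type has an empty content model but which carry character data, the exact condition the XSD validator reported for NameIDPolicy, and a fixer that strips that stray content so the element serializes self-closed. The request string is a constructed sample mirroring the question's AuthnRequest, and the set of empty-content elements is deliberately limited to NameIDPolicy, the one the page discusses.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# samlp elements whose type in saml-schema-protocol-2.0.xsd is attributes-only
# (empty content model). Any character data inside them, even the indentation
# newline from the question's request, is what the validator rejects.
# Assumption for this example: only NameIDPolicy is checked.
EMPTY_CONTENT = {f"{{{SAMLP}}}NameIDPolicy"}

def empty_content_violations(xml_text):
    """Local names of empty-content elements that carry text or child elements."""
    root = ET.fromstring(xml_text)
    bad = []
    for elem in root.iter():
        if elem.tag in EMPTY_CONTENT and (elem.text or len(elem)):
            bad.append(elem.tag.split("}")[1])
    return bad

def fix_empty_content(xml_text):
    """Drop stray text/children from empty-content elements and re-serialize."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag in EMPTY_CONTENT:
            elem.text = None            # no character data -> serialized as <... />
            for child in list(elem):
                elem.remove(child)
    return ET.tostring(root, encoding="unicode")

# Constructed sample mirroring the question: newline inside NameIDPolicy.
REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_2e674db5054e407c30af"
    Version="2.0" IssueInstant="2019-05-10T09:39:52Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://my-sp.com/callback">
  <saml:Issuer xmlns:saml="{SAML}">sp_name</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
    AllowCreate="true">
  </samlp:NameIDPolicy>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print(empty_content_violations(REQUEST))                     # ['NameIDPolicy']
    print(empty_content_violations(fix_empty_content(REQUEST)))  # []
```

Note that the fixer rewrites the document, so if the request is signed (HTTP-POST binding with an enveloped signature), it must run before signing, not after.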