IDP v5.1.3 [http://localhost:8080/idp/profile/SAML2/POST/SSO] Bad Request

Question

We are trying to upgrade IDP version from v3.4.4 to v5.1.3 and our application is a standalone application. In our application, we had customized the IDP with our external login authentication. During the upgrade to v5.1.3, we are facing an issue as below, https://i.sstatic.net/GP30mSDQ.png

When we access our application url, it is redirecting to SP and it is generating an SAML request and sending to IDP (http://localhost:8080/idp/profile/SAML2/POST/SSO). After this, it is saying as BAD REQUEST with below error,

ERROR: [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:449]

• Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'http://ipau.sp.sso.manager/sso': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=http://localhost:8080/SSOSPManager/SSO, trusted=false] 2024-08-09 17:58:20,090 - 0:0:0:0:0:0:0:1 - WARN [org.opensaml.profile.action.impl.LogEvent:94] - A non-proceed event occurred while processing the request: EndpointResolutionFailed.

Environment: Java v17, Apache Tomcat-v10.1.24, IDP v5.1.3

Kindly help me on this to proceed further. Thank you.

Answer 1

Check your metadata-providers.xml and your metadata files. You can turn on the saml messeges log to debug to see what your sp sends and see if the EntityID that it is sending corrensponds to the one in your metadata-providers.xml and corresponding metadata file.