
Thursday, March 7, 2019

HTTP Status 500 – Internal Server Error SAML ERROR: UtilProxySAMLAuthenticator.authenticate: authn request destination verification failed.



On the IdP side, the log shows:
ERROR: UtilProxySAMLAuthenticator.authenticate: authn request destination verification failed.

On the SP side, the browser shows this error:

HTTP Status 500 – Internal Server Error
Type Status Report
Message Destination is invalid.
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Apache Tomcat/8.0.53



Solution:

The SP's AuthnRequest needs to include the Destination, ProtocolBinding and AssertionConsumerServiceURL attributes.

Here is an example from OneLogin:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_8f0030a5d00620c9d9df97f627afe9dcc24" Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z" Destination="http://idp.example.com/SSOService.php" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
  <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
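
To check what your SP actually sends, the following added example (not part of the original post or of any vendor's code) decodes a captured SAMLRequest parameter and reports which of the three attributes are missing or whether Destination differs from the IdP's SSO URL. The function names, the exact-match comparison and the sample requests are assumptions made for illustration; the sample values reuse the example.com names above.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # fine for your own SP's output; use a hardened parser for untrusted XML

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
REQUIRED = ("Destination", "ProtocolBinding", "AssertionConsumerServiceURL")


def decode_saml_request(value, deflated):
    """Decode a SAMLRequest parameter that has already been URL-decoded.
    HTTP-Redirect binding: base64 + raw DEFLATE. HTTP-POST binding: base64 only."""
    raw = base64.b64decode(value)
    if deflated:
        raw = zlib.decompress(raw, -15)  # -15 selects raw DEFLATE (no zlib header)
    return raw.decode("utf-8")


def check_authn_request(xml_text, idp_sso_url):
    """Return a list of problems. An empty list means all three attributes are
    present and Destination equals idp_sso_url (assumed exact string match)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        return ["root element is not samlp:AuthnRequest"]
    problems = ["missing attribute: " + name for name in REQUIRED if not root.get(name)]
    dest = root.get("Destination")
    if dest and dest != idp_sso_url:
        problems.append("Destination %r does not match IdP endpoint %r" % (dest, idp_sso_url))
    return problems


# Constructed sample requests: GOOD carries all three attributes, BAD omits Destination.
IDP_SSO_URL = "http://idp.example.com/SSOService.php"
GOOD = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'ID="_constructed1" Version="2.0" IssueInstant="2019-03-07T00:00:00Z" '
        'Destination="http://idp.example.com/SSOService.php" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        'AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs"/>')
BAD = GOOD.replace('Destination="http://idp.example.com/SSOService.php" ', "")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("bad", BAD)):
        print(name, check_authn_request(doc, IDP_SSO_URL) or "OK")
```

Pass `deflated=True` when the value was taken from a redirect URL and `deflated=False` when it came from a POSTed form field.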
