search cancel

Authnrequest - POST Binding - 400 Error

book

Article ID: 203257

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

Customer is IDP and is receiving an authnrequest (SAMLRequest) via POST binding.  The request is failing with the following errors logged in the FWSTrace.log:

[10/30/2020][10:05:01][19164][44144][26557505-b32738e2-43e2bc12-9945ed61-9f46318e-b0][SSO.java][doGet][No SAMLRequest or SPID parameter in request to SAML2 Single Sign-On Service]

[10/30/2020][10:05:01][19164][44144][26557505-b32738e2-43e2bc12-9945ed61-9f46318e-b0][SSO.java][doGet][Ending SAML2 Single Sign-On Service request processing with HTTP error 400]

Environment

Release : ALL

Component : SITEMINDER - FEDERATION

Cause

The SAMLRequest was not properly encoded and could not be decoded using third-party tools.

Resolution

Ask the SP to correct the encoding.  If third-party decoders cannot decode the SAMLRequest, neither will Siteminder be able to.

Additional Information

Third-party SAML Decoder:
https://www.ssocircle.com/en/1203/saml-request-online-decoder-encoder/