SAML authentication: invalid request

Article ID: 278643

Updated On: 03-24-2025

Products

ISG Proxy

Issue/Introduction

When the browser sends a POST with the SAML response (https://PROXYIP:PORT/saml/WHOSAML/bcsamlpost), the proxy replies with an "invalid request" error.

Environment

Proxy configured in explicit mode with SAML authentication.

Cause

The "federated-idp ccl" does not include the CA certificate that the IDP's SAML assertion is signed with.

Resolution

Use a Federated IDP CCL that contains the CA certificate used by the IDP:

Proxy#(config saml REALMNAME)view
  Realm name:                      REALMNAME
  Display name:                    REALMNAME
  Federated IDP entity ID:         https://example.com
  Federated IDP SLO POST URL:
  Federated IDP SSO POST URL:      https://example.com
  Federated IDP SSO Redirect URL:  https://example.com
  Federated IDP CCL:               browser-trusted
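
To confirm the cause offline, the check below tests whether an IdP signing certificate chains to a CA in a PEM bundle, which is the trust decision the Federated IDP CCL represents. It is an added example, not Broadcom tooling or part of the original article; the function names, file names and generated certificates are constructed, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. All keys and certificates are throwaway samples generated
# locally; "Demo idp_ca" and "Demo other_ca" are constructed names.

# chains_to_bundle CERT BUNDLE
# Succeeds only if CERT verifies against the CA certificates in BUNDLE, a PEM
# file standing in for the contents of the realm's Federated IDP CCL.
# -no-CApath keeps the system trust directory out of the decision.
chains_to_bundle() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer DN, i.e. the CA the CCL has to contain.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# make_demo_pki DIR: build two unrelated CAs and one IdP signing certificate
# issued by the first CA (constructed sample input for the demo).
make_demo_pki() {
    for ca in idp_ca other_ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=idp-signing.example.com" \
        -keyout "$1/idp.key" -out "$1/idp.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/idp.csr" -CA "$1/idp_ca.pem" -CAkey "$1/idp_ca.key" \
        -CAcreateserial -days 1 -out "$1/idp_signing.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" || echo "openssl could not build the sample PKI" >&2
for bundle in other_ca.pem idp_ca.pem; do
    if chains_to_bundle "$demo_dir/idp_signing.pem" "$demo_dir/$bundle"; then
        echo "$bundle: contains the IdP's issuing CA"
    else
        echo "$bundle: missing $(issuer_of "$demo_dir/idp_signing.pem")"
    fi
done
rm -rf "$demo_dir"
```

For a real realm, pass the signing certificate from the IdP metadata as the first argument and a PEM file of the CA certificates in the CCL as the second.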