SAML authentication fails U00045306 in SAML response has another destination

Article ID: 402810


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

The AE system has just been upgraded to a newer version and SAML authentication no longer works, while internal user authentication still works fine.

The same SAML provider is used on a different AE System and the SAML authentication is working fine there.

When looking at the JWP of the non-working system we find the following error message:

U00045306 'saml2p:Response' in SAML response has another destination. Received 'https://your_awi_server/awi/' but expected 'https://your_awi_server/awi'

Comparing UC_SAML_SETTINGS on both systems showed that the AWI URL ends with a trailing slash on the working system, whereas the trailing slash is missing on the non-working one.

Environment

Automation Engine 21.x, 24.x or later

SAML integration

Cause

Configuration issue in UC_SAML_SETTINGS: the AWI URL MUST end with a slash.

Resolution

Modify UC_SAML_SETTINGS, section *SP, and add the missing trailing / to the AWI URL.

Make sure that these notes are respected:

  • The Callback URL where your AWI is reachable must always end with a trailing slash (such as http://localhost:8080/awi/).
  • Depending on the provider, the entity ID (referred to as Identifier in Azure or Audience URI in Okta) must match the entityID value defined in the *SP key of the UC_SAML_SETTINGS variable.
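
To confirm which side carries the slash before changing the variable, the following added example (not part of the original article or the product) reads the Destination attribute from a base64-encoded SAML response, as sent in the HTTP POST binding, and compares it with the configured AWI URL. The function names and the sample response are constructed for illustration; the configured URL is assumed to be passed in as a plain string copied from the *SP section.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def response_destination(saml_response_b64):
    """Return the Destination attribute of a base64-encoded SAML 2.0 Response."""
    # Diagnostic use on a response you captured yourself; use a hardened
    # XML parser for anything that handles untrusted input.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"not a SAML 2.0 Response: {root.tag}")
    return root.get("Destination")


def diagnose_destination(saml_response_b64, configured_url):
    """Classify Destination against the configured AWI URL.

    Returns "match", "trailing-slash", "missing" or "mismatch".
    The comparison is an exact string match, which is why a single
    trailing slash is enough to trigger U00045306.
    """
    received = response_destination(saml_response_b64)
    if received is None:
        return "missing"
    if received == configured_url:
        return "match"
    if received == configured_url + "/" or received + "/" == configured_url:
        return "trailing-slash"
    return "mismatch"


def sample_response(destination):
    """Build a constructed, unsigned Response carrying only what the check needs."""
    xml = (
        f'<saml2p:Response xmlns:saml2p="{SAMLP_NS}" ID="_constructed" '
        f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        f'Destination="{destination}"/>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    captured = sample_response("https://your_awi_server/awi/")
    for configured in ("https://your_awi_server/awi", "https://your_awi_server/awi/"):
        print(configured, "->", diagnose_destination(captured, configured))
```

A "trailing-slash" result corresponds to the situation in this article; "mismatch" points to a different host, scheme or path and needs a separate look at the provider configuration.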

Additional Information

Screenshot from the documentation of the *SP related section remark:

In SAML configuration: