AnsweredAssumed Answered

Processing a SAML AuthnRequest problem

Question asked by stephen-s.lynch on Apr 20, 2017
Latest reply on Apr 21, 2017 by ChristopherClark

Hi

 

I am looking at a use-case that requires us to act as an IDP. The Process SAML Authentication Request assertion seemed just the right thing to use. It is being used in a Redirect binding but it throws a 'policy falsified' due to a a missing AssertionConsumerServiceURL. Given that this is optional attribute in SAML it is an over-zealous check and in any case it doesn't seem to be applied to any of the other elements or attributes when processing the AuthnRequest. Two thoughts occur to me:

- maybe there is some option or context variable that relaxes this check, or

- this assertion was only envisaged in strict use-cases so shouldn't be used like this

In either case the documentation isn't assisting me. Has anyone suffered the same issue?

 

One option to work around is to process the AuthnRequest separately by extracting the SAMLRequest parameter, URL-decoding, base-64-decoding then deflating but it seems that the encode/decode assertion doesn't do inflate/deflate (i guess it is expecting GZIP preambles). While searching around here I saw mention of a tactical gzip assertion. Does that do INFLATE and DEFLATE and if so where do I get it from?

 

Cheers

- Steve

Outcomes