The Specifications of SAML2 AssertionConsumerService endpoint are not valid

2.7k Views Asked by At

I got the below error while I was trying to authenticate through IBM Security Access Manager (using Sustainsys.Saml2.Owin)

Error Message

Here is the Link of error code

I tested the code on another IDP https://stubidp.sustainsys.com/ and it's working.

Maybe the difference is with the test IDP (Stupidp) it was a solicited response but from IBM Security Access Manager was Unsolicited (Idp-initiated).

But I already set AllowUnsolicitedAuthnResponse = true

Here is the metadata that attached on IBM Security Access Manager

SP Metadata

1

There are 1 best solutions below

0
On

I find the solution I was sent a wrong metadata, the right one if you use SustainSys.Saml2 is to hit your SP URL "https://SP.com/Saml2" this will generate your SP metadata file.

The AssertionConsumerService was wrong was the action to be landed after login on the IDP, but the right one should be "https://SP/Saml2/Acs"