(I'm not sure how much, if any, control I have over what the IdP uses from the Issuer!) And, of course, thank you again for the help with this matter!
The response has a signed message and encrypted assertion:
@clane-axial, can you check if the SAMLResponse is also invalidated at this tool?
https:// validation is something complex, a simple extra space can invalidate your XML.
If I know the cert that is being used by the IdP, can I just add the missing elements into the original response?
Hi, I was successful in integrating with the OneLogin IdP without any issues.
When I start my test application I do see a link to the Okta IdP. After clicking the "Start single sign-on" button I am redirected to the Okta address with the info "Signing in to SAML - Test" (my Okta test name); after that I'm again redirected to my application with: Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation at org.springframework.websso.
The validation process checks who sent the message (IdP Entity Id), who received the SAML Response (SP Entity Id) and where (SP Attribute Consume Service Endpoint), and what the final destination is (Target URL, Destination).
However, after a little effort in attempting to add support for another IdP, I encountered the following error message "Signature validation failed. SAML Response rejected", which led me to this thread.
I get the exact same error but I have the appropriate , tags in the assertion. Also, I am using the cert fingerprint to validate the signature which I pulled directly from the cert.
As you can see, I'm using dummy values for the IdP singleSignOnService and singleLogoutService URLs.
I don't think I need them in my case as I just need to process the SAML Response, but I'm not completely sure about that.