2

A client is trying to SSO into our app using SAML and our app throws the following exception:

org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint.

septerr

1 Answer

0

The reason for this exception was a missing Destination attribute in the Response element in the assertion the client was sending us. The Response needed to be something like:

<Response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_a8590dae-831c-4142-9fc9-a15f60e972a0" Version="2.0" IssueInstant="2012-02-22T17:08:57Z" Destination="https://client.ourapp.com/product/AssertionConsumer" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">

The Destination attribute needed to contain our assertion consumer URL.

septerr
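An added example, not part of the original answer and not OpenSAML's own code: a small Python check that tells a missing Destination apart from a mismatched one when triaging a client's Response. `check_destination`, `make_response` and the sample messages are constructed for illustration; the assertion consumer URL is the one shown in the answer.

```python
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
# Assertion consumer URL as shown in the answer above.
ACS_URL = "https://client.ourapp.com/product/AssertionConsumer"


def check_destination(response_xml: str, acs_url: str = ACS_URL) -> str:
    """Return 'ok', 'missing' or 'mismatch' for the Response's Destination."""
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"not a SAML 2.0 Response: {root.tag}")
    destination = root.get("Destination")
    if not destination:
        # Attribute absent or empty: the case described in the answer.
        return "missing"
    # Exact comparison: a Response addressed to any other endpoint
    # must not be accepted at this one.
    return "ok" if destination == acs_url else "mismatch"


def make_response(destination=None) -> str:
    """Build a constructed, unsigned Response root element for the demo."""
    attr = f' Destination="{destination}"' if destination is not None else ""
    return (
        f'<Response xmlns="{SAMLP_NS}" ID="_constructed-example" '
        f'Version="2.0" IssueInstant="2012-02-22T17:08:57Z"{attr}></Response>'
    )


if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    samples = {
        "no Destination": make_response(),
        "our ACS URL": make_response(ACS_URL),
        "another endpoint": make_response("https://other.example.com/acs"),
    }
    for name, xml in samples.items():
        print(f"{name}: {check_destination(xml)}")
```

This only inspects the root element for diagnosis; signature validation and the rest of the processing stay with the SAML library.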