2

I'm trying to debug the "SAML Request is invalid" response from OpenAM.

I used the example from the book 'A guide to OpenSAML v3' and modified it to try SSO on the OpenSAML instance that I have running in a local Tomcat container. The request that I send (taken from the logging):

<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="http://localhost:8181/webprofile-ref-project/sp/consumer" Destination="http://rob-ubuntu:8080/OpenAM-13.0.0/SSORedirect/metaAlias/myusers/idp" ID="_9dc12ad39163c7358fc986484b12c130" IssueInstant="2016-09-22T10:04:45.226Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">TestSP</saml2:Issuer>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<saml2p:RequestedAuthnContext Comparison="minimum">
<saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>

I set up OpenAM according to this answer: https://stackoverflow.com/a/1126798/461499

I tried to set the Debug messages level to 'debug' but there is no additional information. Please advise on how to debug this error message.

Rob Audenaerde

1 Answer

0

OK, this is really silly, but it seems I forgot to add the SP to the circle of trust. After adding it, I got further.

Rob Audenaerde
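An offline check for the cause found in this answer, added here as an example (not code from the post or from OpenAM): it pulls the Issuer out of the logged AuthnRequest and compares it with the entity IDs in the circle of trust. The function names and the member list are assumptions; the real members have to be copied from the OpenAM configuration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The AuthnRequest from the question; only the start tag is line-wrapped.
AUTHN_REQUEST = """<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 AssertionConsumerServiceURL="http://localhost:8181/webprofile-ref-project/sp/consumer"
 Destination="http://rob-ubuntu:8080/OpenAM-13.0.0/SSORedirect/metaAlias/myusers/idp"
 ID="_9dc12ad39163c7358fc986484b12c130" IssueInstant="2016-09-22T10:04:45.226Z"
 ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">TestSP</saml2:Issuer>
<saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<saml2p:RequestedAuthnContext Comparison="minimum">
<saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</saml2p:AuthnRequest>"""


def issuer_of(xml_text):
    """Return the SP entity ID (saml2:Issuer) of an AuthnRequest, or ''."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "{%s}AuthnRequest" % NS["saml2p"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    node = root.find("saml2:Issuer", NS)
    return (node.text or "").strip() if node is not None else ""


def cot_findings(issuer, cot_members):
    """List reasons why the issuer is not a circle-of-trust member.

    Entity IDs are compared as exact, case-sensitive strings.
    """
    if not issuer:
        return ["request has no Issuer, so the SP cannot be identified"]
    if issuer in cot_members:
        return []
    findings = ["Issuer %r is not a member of the circle of trust" % issuer]
    near = [m for m in cot_members if m.strip().lower() == issuer.lower()]
    if near:
        findings.append("near match %r differs in case or whitespace" % near[0])
    return findings


if __name__ == "__main__":
    # Constructed member list (assumption): the IdP only, SP not added yet.
    members = {"idp-entity-id-placeholder"}
    for line in cot_findings(issuer_of(AUTHN_REQUEST), members) or ["issuer is trusted"]:
        print(line)
```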