Mark Hunt
2014-10-17 19:05:11 UTC
When sending the following XML, base64-encoded, I'm getting "Error decoding authentication request message" from the IdP and I'm not sure why. The request is compressed; would the IdP have trouble decoding and then inflating the request?
<!--
  Reviewer notes on this AuthnRequest. The markup below is left exactly as posted.
  - Destination is the IdP's .../SAML2/POST/SSO endpoint, while the post says the
    message is compressed. In SAML 2.0, DEFLATE followed by base64 is the
    HTTP-Redirect encoding; the HTTP-POST binding carries base64 of the
    uncompressed XML. A compressed message sent to a POST endpoint is a plausible
    cause of the decoding error; confirm which binding the client really uses.
  - ProtocolBinding names the binding the IdP should use for the Response, not the
    one used to send this request. The registered URI is case-sensitive
    (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect), and the Web Browser SSO
    profile does not allow HTTP-Redirect for responses; HTTP-POST
    (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST) is the usual value.
  - AssertionConsumerServiceURL and Issuer use plain http on localhost. Outside a
    local test the ACS URL should be HTTPS and should match an endpoint registered
    in the SP metadata held by the IdP, so that responses cannot be directed to an
    unregistered URL.
-->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" Version="2.0" Destination="https://as99-test.fim.psu.edu/idp/profile/SAML2/POST/SSO" ID="_618e1840-385c-0132-6bb6-4040e8db5148" AssertionConsumerServiceURL="http://localhost/saml/consume" IssueInstant="2014-10-17T18:50:26Z">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost/saml/consume</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true" />
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
<!-- With the HTTP-Redirect binding the signature is not embedded: it travels in the SigAlg and Signature query parameters, and any ds:Signature element is removed before DEFLATE. When an enveloped signature is used (HTTP-POST), the SAML schema places ds:Signature directly after saml:Issuer, not as the last child as it is here. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- This URI identifies the SHA-1 digest, not a signature algorithm. A SignatureMethod names the key type and hash together, e.g. http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. SHA-1 is no longer considered collision resistant, so prefer a SHA-256 based method if the IdP accepts it. -->
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<Reference URI="#_618e1840-385c-0132-6bb6-4040e8db5148">
<!-- Algorithm must be a URI (e.g. http://www.w3.org/2001/04/xmlenc#sha256), not the bare token "SHA1". The XML Signature schema also orders the children of Reference as Transforms, DigestMethod, DigestValue; here Transforms comes last. -->
<DigestMethod Algorithm="SHA1" />
<DigestValue>54IvWvLrSqFzrh5ymh1o+Rs7aZA=</DigestValue>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<!-- InclusiveNamespaces is a parameter of the exclusive c14n transform and belongs inside that Transform element, not beside it as a child of Transforms. -->
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi" />
</Transforms>
</Reference>
</SignedInfo>
<SignatureValue>signature info here</SignatureValue>
<!-- A certificate carried in the message is only a hint. A verifier should take the trusted key from the SP's registered metadata, not from KeyInfo supplied by the sender. -->
<KeyInfo>
<X509Data>
<X509Certificate>cert info here</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</samlp:AuthnRequest>
<!--
  This is a verbatim repeat of the AuthnRequest already shown earlier on the page,
  kept as posted. Points a reader debugging the same error should check:
  - Binding mismatch: the message is described as compressed (the HTTP-Redirect
    encoding) but Destination is a .../SAML2/POST/SSO endpoint, which expects
    base64 of uncompressed XML. ProtocolBinding describes the Response binding
    and its URI is case-sensitive.
  - Signature construction: the SignatureMethod URI names a digest rather than a
    signature algorithm, DigestMethod Algorithm is not a URI, Transforms follows
    DigestValue, and InclusiveNamespaces sits outside its Transform. A strict
    XML Signature or SAML schema check is likely to reject these; presumably the
    signing library configuration needs review.
  - SHA-1 based signing is deprecated; prefer SHA-256 based algorithms where the
    IdP supports them.
-->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT" Version="2.0" Destination="https://as99-test.fim.psu.edu/idp/profile/SAML2/POST/SSO" ID="_618e1840-385c-0132-6bb6-4040e8db5148" AssertionConsumerServiceURL="http://localhost/saml/consume" IssueInstant="2014-10-17T18:50:26Z">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost/saml/consume</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" AllowCreate="true" />
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<Reference URI="#_618e1840-385c-0132-6bb6-4040e8db5148">
<DigestMethod Algorithm="SHA1" />
<DigestValue>54IvWvLrSqFzrh5ymh1o+Rs7aZA=</DigestValue>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi" />
</Transforms>
</Reference>
</SignedInfo>
<SignatureValue>signature info here</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>cert info here</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</samlp:AuthnRequest>