{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《ACS75005 “The request is not a valid SAML2 protoco》','https://www.manongdao.com/q-389245.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to consume Windows Azure Active Directory as an IdP in a web application. My code works fine on other SAML IdPs but gives the following message in the Windows Azure AD only !!
Sign in
Sorry, but we're having trouble signing you in.
We received a bad request. Additional technical information:
Trace ID:8377e605-6b9f-47be-8547-5fce7f4285af
Timestamp: 2014-08-04 13:31:27Z
ACS75005:
The request is not a valid SAML2 protocol message.
I replaced my code and used the SAML request that Microsoft published here and replaced only some values but still getting the same error message !!
What is wrong with my request? And how can I get more details about the message !
Knowing that my application is defined in the Windows Azure AD applications.
<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_56dbfeac-107a-46d2-b989-651f90107312" Version="2.0" IssueInstant="2014-08-04T13:28:05Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">SOMETHING</Issuer>
</samlp:AuthnRequest>
Edit 001 After editing the assertion to be as Dushyant suggested, it becomes:
<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_efcebb45-5ee6-42df-ace4-a343f28f5a46"
Version="2.0" IssueInstant="2014-08-07T06:29:09Z"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">SOMETHING</Issuer>
</samlp:AuthnRequest>
But still the same error is showing!
Also please find the test project I'm using here. Only replace the values in the AppSettings in the webconfig for your SAML settings.
I believe there is a mismatch in namespaces here...The SAMLRequest should look like this.
The Issuer element must be in the namespace of 'urn:oasis:names:tc:SAML:2.0:assertion' and the AuthnRequest element within the namespace of 'urn:oasis:names:tc:SAML:2.0:protocol'
Of course this needs to be deflated + base64 encoded. If using HttpRedirect binding then also urlencode this before embedding within the URL
You need to UrlEncode (e.g. HttpUtility.UrlEncode(result)) the 'result' before using it in a Get request.
Use
instead of xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
I believe you followed what we've document here: http://msdn.microsoft.com/en-us/library/azure/dn195589.aspx. If so, you've found a bug in that article - sorry about that.
Hope this helps.
Homam, I reviewed your code. The problem was with the way the AuthnRequest was being encoded. I changed it to standard deflate encoding and it worked.