Jack Mulvihill
asked on
SAML SSO Issue
Setting up SAML for SSO sig on to our LMS....
- Click the link for Sign in with SAML SSO
- Takes me to login page for organization
- using username/ password the web page throws an error:
Error details
Activity ID: 39309994-5de1-4c42-2300-00 80000000fa
Relying party: MAU LMS
Error details: MSIS3200: No AssertionConsumerService is configured on the relying party trust 'http://hatch.mau.com/lms/index.php' that is a prefix match of the AssertionConsumerService URL 'http://hatch.mau.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp' specified by the request.
Node name: b0f8a440-7efb-4790-87e2-49 4c2fde6425
Error time: Fri, 03 Jan 2020 15:32:39 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
- On the ADFS Event Viewer I get:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
http://hatch.mau.com/lms/index.php
Exception details:
Microsoft.IdentityServer.S ervice.Pol icy.Policy Server.Eng ine.Assert ionConsume rServiceUr lDoesNotMa tchPolicyE xception: MSIS3200: No AssertionConsumerService is configured on the relying party trust 'http://hatch.mau.com/lms/index.php' that is a prefix match of the AssertionConsumerService URL 'http://hatch.mau.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp' specified by the request.
at Microsoft.IdentityServer.S ervice.Sam lProtocol. EndpointRe solver.Loo kupAsserti onConsumer ServiceByU rl(Collect ion`1 assertionConsumerServices, Uri requestedAssertionConsumer ServiceUrl , String scopeIdentity)
at Microsoft.IdentityServer.S ervice.Sam lProtocol. EndpointRe solver.Fin dSamlRespo nseEndpoin tForAuthen ticationRe quest(Bool ean artifactEnabled, AuthenticationRequest request, ScopeDescription scopeDescription)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Manager.Ge tResponseE ndpointFro mRequest(S amlRequest request, Boolean isUrlTranslationNeeded, ScopeDescription scope)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Manager.Is sue(HttpSa mlRequestM essage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvide r, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Handler.Re questBeare rToken(Wra ppedHttpLi stenerCont ext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenReq uired, String& samlpSessionState, String& samlpAuthenticationProvide r)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Handler.Bu ildSignInR esponseCor eWithSeria lizedToken (HttpSamlR equestMess age httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenReq uired)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Handler.Bu ildSignInR esponseCor eWithSecur ityToken(S amlSignInC ontext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
at Microsoft.IdentityServer.W eb.Protoco ls.Saml.Sa mlProtocol Handler.Pr ocess(Prot ocolContex t context)
at Microsoft.IdentityServer.W eb.Passive ProtocolLi stener.Pro cessProtoc olRequest( ProtocolCo ntext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.W eb.Passive ProtocolLi stener.OnG etContext( WrappedHtt pListenerC ontext context)
- Relaying Party Trust is setup with Identifiers:
http://hatch.mau.com/lms/index.php
http://hatch.mau.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp
Endpoint Trusted URL:
https://hatch.mau.com/lms/index.php
- Click the link for Sign in with SAML SSO
- Takes me to login page for organization
- using username/ password the web page throws an error:
Error details
Activity ID: 39309994-5de1-4c42-2300-00
Relying party: MAU LMS
Error details: MSIS3200: No AssertionConsumerService is configured on the relying party trust 'http://hatch.mau.com/lms/index.php' that is a prefix match of the AssertionConsumerService URL 'http://hatch.mau.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp' specified by the request.
Node name: b0f8a440-7efb-4790-87e2-49
Error time: Fri, 03 Jan 2020 15:32:39 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
- On the ADFS Event Viewer I get:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
http://hatch.mau.com/lms/index.php
Exception details:
Microsoft.IdentityServer.S
at Microsoft.IdentityServer.S
at Microsoft.IdentityServer.S
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
at Microsoft.IdentityServer.W
- Relaying Party Trust is setup with Identifiers:
http://hatch.mau.com/lms/index.php
http://hatch.mau.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp
Endpoint Trusted URL:
https://hatch.mau.com/lms/index.php
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.