Trying to set up a local environment with the authn MFE to make changes to the frontend. SAML login doesn’t work though, failing with the following error message:
Authentication failed: SAML login failed: ['invalid_response'] (The response was received at http://local.overhang.io/auth/complete/tpa-saml/ instead of http://local.overhang.io:8000/auth/complete/tpa-saml/)
The SAML Request has the URL set correctly:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
...
AssertionConsumerServiceURL="http://local.overhang.io:8000/auth/complete/tpa-saml/"
Also the SAML Response has the destination set correctly (that's also the redirect URL):
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Destination="http://local.overhang.io:8000/auth/complete/tpa-saml/"
I guess SAML expects the response to either be received at 80 (ENABLE_SSL false) or 443 (ENABLE_SSL true) and doesn’t consider the fact that the local dev instance runs at port 8000.
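A simplified model of the Destination check behind that error message, as an added example that is not part of the original post and is not the code of Open edX or of any SAML library. It assumes the service provider rebuilds "where the response was received" from request metadata (scheme, Host header, path) and compares that with the `Destination` attribute; the function names, dictionary keys and request values are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize(url):
    """Return (scheme, host, port, path) with the default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS[scheme]
    return scheme, (parts.hostname or "").lower(), port, parts.path

def received_url(request_data):
    """Rebuild the URL the SP believes it was reached at.

    request_data is a hypothetical dict: is_https, host_header, path.
    If a proxy or dev server hands over a Host value without the port,
    the port is silently lost at this step.
    """
    scheme = "https" if request_data["is_https"] else "http"
    return f"{scheme}://{request_data['host_header']}{request_data['path']}"

def check_destination(request_data, destination):
    """Compare the rebuilt URL with the Destination attribute of the response."""
    current = received_url(request_data)
    if normalize(current) == normalize(destination):
        return True, "ok"
    return False, f"The response was received at {current} instead of {destination}"

# Destination value as shown in the SAML Response in the post.
DESTINATION = "http://local.overhang.io:8000/auth/complete/tpa-saml/"
ACS_PATH = "/auth/complete/tpa-saml/"

# Constructed request metadata: same request, Host seen with and without the port.
PORT_LOST = {"is_https": False, "host_header": "local.overhang.io", "path": ACS_PATH}
PORT_KEPT = {"is_https": False, "host_header": "local.overhang.io:8000", "path": ACS_PATH}

if __name__ == "__main__":
    for label, data in (("port lost", PORT_LOST), ("port kept", PORT_KEPT)):
        ok, message = check_destination(data, DESTINATION)
        print(f"{label}: {'PASS' if ok else 'FAIL'} - {message}")
```

Under this model the request and response XML can both be correct and the check still fails, so the value to inspect is the host and port the backend sees for the incoming POST rather than the SAML messages themselves.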