I am working with a partner on implementing SAML federation. The IdP runs an in-house federation solution and the SP runs the Fedlet; metadata has been exchanged between both parties.
When testing the SP-initiated SSO URL, the browser returns an HTTP 400 error.
The Fedlet logs show the following exception:
ERROR: Error sending AuthnRequest
com.sun.identity.saml2.common.SAML2Exception: Could not find Single Sign-on Service URL.
at com.sun.identity.saml2.profile.SPSSOFederate.initiateAuthnRequest(SPSSOFederate.java:201)
at com.sun.identity.saml2.profile.SPSSOFederate.initiateAuthnRequest(SPSSOFederate.java:110)
at org.apache.jsp.saml2.jsp.fedletSSOInit_jsp._jspService(fedletSSOInit_jsp.java:186)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:388)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
Both the IdP metadata and the SP metadata show HTTP-POST as the SingleSignOnService binding, which is what both parties had agreed on upfront. (The binding in question is the SAML 2.0 HTTP-POST binding of the SingleSignOnService endpoint, not a SOAP binding.) This exception is thrown when the Fedlet cannot find, in the IdP metadata it has loaded, a SingleSignOnService element in the IDPSSODescriptor whose Binding attribute matches the binding that the SP-initiated SSO URL requested for the AuthnRequest.
Resolution:
Although the IdP metadata listed HTTP-POST as the binding, the IdP was actually configured internally for a different binding. After the IdP was switched to HTTP-POST and the regenerated IdP metadata was exchanged again, the issue disappeared.
The SingleSignOnService binding advertised in the IdP metadata must therefore match both what the IdP actually implements and the binding the SP requests; otherwise the SP cannot send the SAML AuthnRequest. When re-exchanging metadata, make sure the Fedlet is really loading the new copy (the IdP metadata file deployed with the Fedlet, conventionally idp.xml, has to be replaced and the Fedlet restarted), and check that the Binding attribute carries the full URN urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, because the lookup is an exact string comparison.
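As an added example (not part of the original post, and not the Fedlet's own code), the following Python script replays the lookup that fails with this exception: it parses the IdP metadata the SP holds, collects the SingleSignOnService endpoints from the IDPSSODescriptor, and resolves the one for the binding the SP wants to use for its AuthnRequest. The metadata documents, entity ID and URLs are constructed for illustration; the function names are mine, not the Fedlet's. It goes slightly beyond the post in also showing the case where the element is present but its Binding value is the short name rather than the URN, which fails the same way because the comparison is exact.

```python
"""Replay the Fedlet's SingleSignOnService lookup against IdP metadata.

Parses an IdP metadata document, lists the SingleSignOnService endpoints in
its IDPSSODescriptor and resolves the one matching the binding the SP will
use for its AuthnRequest. A missing match is the condition behind
"Could not find Single Sign-on Service URL."
"""
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Short names accepted on the SP-initiated SSO URL and their SAML 2.0 binding URNs.
BINDING_URNS = {
    "HTTP-POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "HTTP-Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "HTTP-Artifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}


class SSOServiceNotFound(Exception):
    """Raised when no SingleSignOnService matches the requested binding."""


def sso_endpoints(metadata_xml: str) -> dict:
    """Return {Binding URN: Location} for every SingleSignOnService in the IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    return {
        sso.get("Binding"): sso.get("Location")
        for sso in root.iterfind(".//md:IDPSSODescriptor/md:SingleSignOnService",
                                 namespaces=MD_NS)
    }


def sso_url_for(metadata_xml: str, binding: str) -> str:
    """Resolve the IdP SSO endpoint for `binding` (short name or full URN).

    The comparison is an exact string match on the Binding attribute, which is
    why an abbreviated or misspelled URN in the metadata fails just like an
    absent endpoint does.
    """
    wanted = BINDING_URNS.get(binding, binding)
    endpoints = sso_endpoints(metadata_xml)
    location = endpoints.get(wanted)
    if not location:
        advertised = ", ".join(sorted(b for b in endpoints if b)) or "none"
        raise SSOServiceNotFound(
            f"Could not find Single Sign-on Service URL for {wanted}; "
            f"IdP metadata advertises: {advertised}"
        )
    return location


def idp_metadata(*services) -> str:
    """Build a minimal IdP metadata document (constructed, illustrative values)."""
    sso_elements = "\n".join(
        f'    <md:SingleSignOnService Binding="{binding}" Location="{location}"/>'
        for binding, location in services
    )
    return f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/federation">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
{sso_elements}
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


# Metadata as agreed: the IdP advertises both a Redirect and a POST endpoint.
AGREED_METADATA = idp_metadata(
    (BINDING_URNS["HTTP-Redirect"], "https://idp.example.test/sso/redirect"),
    (BINDING_URNS["HTTP-POST"], "https://idp.example.test/sso/post"),
)

# An IdP that only implements HTTP-Redirect would export metadata like this.
REDIRECT_ONLY_METADATA = idp_metadata(
    (BINDING_URNS["HTTP-Redirect"], "https://idp.example.test/sso/redirect"),
)

# Also fails: the element exists, but the Binding value is the short name
# instead of the URN, so the exact comparison never matches.
SHORT_NAME_METADATA = idp_metadata(
    ("HTTP-POST", "https://idp.example.test/sso/post"),
)


def diagnose(metadata_xml: str, binding: str) -> str:
    """Return a one-line verdict for checking exchanged metadata before go-live."""
    try:
        return f"OK: AuthnRequest via {binding} goes to {sso_url_for(metadata_xml, binding)}"
    except SSOServiceNotFound as exc:
        return f"FAIL: {exc}"


if __name__ == "__main__":
    for label, doc in [("agreed", AGREED_METADATA),
                       ("redirect-only", REDIRECT_ONLY_METADATA),
                       ("short-name", SHORT_NAME_METADATA)]:
        print(f"[{label}] {diagnose(doc, 'HTTP-POST')}")
```

To use it on a real exchange, read the IdP metadata file the Fedlet is actually deployed with and call diagnose() with the binding you put on the SP-initiated SSO URL; a FAIL line tells you which bindings the IdP really advertises, which is the quickest way to tell a stale metadata copy from an IdP that is not implementing what was agreed.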
I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, single sign-on and federation capabilities, etc. I am also well versed in complex integrations between Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc. Look at my blog: http://talkidentity.blogspot.com