  1. OpenAM
  2. OPENAM-17649

Unable to tell root cause for error 'Invalid Assertion Consumer Location specified'

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 6.5.3
    • None
    • SAML
    • None
    • Oracle JDK 1.8.0_201-b09
      Apache Tomcat 9.0.8
      AM 6.5.3

      Description

      Bug description

      SAML flow fails with error 'Invalid Assertion Consumer Location specified'

      How to reproduce the issue

      1. Configure AM as SAML SP, do not specify default ports in metadata
      2. Configure another AM as SAML IdP
      3. Configure SAML integrated mode
      4. Perform AM authentication
      Expected behaviour
      debug logs should tell the root cause of error 'Invalid Assertion Consumer Location specified'
      
      Current behaviour
      Log messages logged cannot be used to find out the root cause of error 'Invalid Assertion Consumer Location specified'
      excerpt from AM Authentication debug log
      amAuthSAML2:03/30/2021 10:45:11:702 AM BST: Thread[https-jsse-nio2-8443-exec-81,5,main]: TransactionId[d524069b-c2a9-4412-9863-e097a810c989-3055523]
      ERROR: SAML2Proxy: Unable to obtain SAML response
      com.sun.identity.saml2.common.SAML2Exception: Invalid Assertion Consumer Location specified
              at com.sun.identity.saml2.common.SAML2Utils.verifyAssertionConsumerServiceLocation(SAML2Utils.java:4182)
              at com.sun.identity.saml2.profile.SPACSUtils.getResponse(SPACSUtils.java:171)
              at org.forgerock.openam.authentication.modules.saml2.SAML2Proxy.getUrl(SAML2Proxy.java:183)
              at org.forgerock.openam.authentication.modules.saml2.SAML2Proxy.processSamlResponse(SAML2Proxy.java:127)
              at org.apache.jsp.saml2.jsp.saml2AuthAssertionConsumer_jsp._jspService(saml2AuthAssertionConsumer_jsp.java:120)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
              at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:467)
              at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:378)
              at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:326)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
      
      excerpt from Federation debug log
      libSAML2:03/30/2021 10:45:11:701 AM BST: Thread[https-jsse-nio2-8443-exec-81,5,main]: TransactionId[d524069b-c2a9-4412-9863-e097a810c989-3055523]
      SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache <ENTITY_ID>
      libSAML:03/30/2021 10:45:11:701 AM BST: Thread[https-jsse-nio2-8443-exec-81,5,main]: TransactionId[d524069b-c2a9-4412-9863-e097a810c989-3055523]
      SAMLUtils.sendError: error page /saml2/jsp/saml2error.jsp
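
Added example, not part of the original report and not OpenAM code: an operator-side check that compares the URL a SAML response was delivered to against the AssertionConsumerService locations in SP metadata and names the component that differs. It assumes the failure is related to the omitted default port from step 1, which the report does not confirm; the metadata, host name and paths are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed SP metadata: the ACS Location is written without the default port.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com/am">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/am/AuthConsumer/metaAlias/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def acs_locations(metadata_xml):
    """Return every AssertionConsumerService Location found in the metadata."""
    # Only parse metadata you exported yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(metadata_xml)
    return [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]

def normalize(url):
    """Split a URL into comparable parts, filling in the scheme's default port."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme), p.path)

def diagnose(received_url, metadata_xml):
    """Explain how the URL the response arrived at relates to each ACS Location."""
    findings = []
    for loc in acs_locations(metadata_xml):
        if loc == received_url:
            return ["exact match: " + loc]
        got, want = normalize(received_url), normalize(loc)
        if got == want:
            findings.append("differs only by default port: received=%s metadata=%s"
                            % (received_url, loc))
        else:
            names = ("scheme", "host", "port", "path")
            diff = [n for n, x, y in zip(names, got, want) if x != y]
            findings.append("mismatch in %s: received=%s metadata=%s"
                            % (",".join(diff), received_url, loc))
    return findings or ["no AssertionConsumerService in metadata"]

if __name__ == "__main__":
    # Constructed request URL carrying an explicit :443, as a container might rebuild it.
    for line in diagnose("https://sp.example.com:443/am/AuthConsumer/metaAlias/sp", SAMPLE_METADATA):
        print(line)
```
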
      

              People

              Assignee: Unassigned
              Reporter: Bernhard Thalmayr (bthalmayr)