Basically, we are trying to continue the SAML flow when it hasn’t been started, so we get the "Unable to get AuthnRequest" error. The SAML error page URL comes out as the relative path concatenated with the absolute address, which leads to a 404 error.
You need to trigger a working SP-initiated flow and grab a particular request; then it’s easy to reproduce.
Use case 1:
1) We have bookmarked our login page during an SP-initiated transaction.
2) Close the browser window.
3) Open the bookmarked login page.
4) Provide the correct username / password.
The customer has reported another use case showing similar behavior.
Use case 2:
1) Run SP-initiated SSO with signatures enabled.
2) Modify the signing algorithm in the incoming request's query parameter (this will cause signature verification to fail).
3) Run the transaction.
Use case 3:
A) The user completes SSO successfully and reaches the SP site.
B) In the same browser window, the user clicks the back button; this displays the auth page.
C) On the auth page, the user submits valid credentials again, and the same problem appears.
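
Why step 2 of use case 2 fails signature verification, as an added example (not code from the product or the original report): in the SAML HTTP-Redirect binding the signature covers the `SigAlg` parameter together with `SAMLRequest` and `RelayState`. The function names and the sample request and RelayState values are constructed; values are re-encoded before hashing for brevity, whereas a real verifier hashes the query string as received.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256"
	_ "crypto/sha512"
	"encoding/base64"
	"fmt"
	"net/url"
)

const rsaSHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
const rsaSHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
// SigAlg URIs the verifier accepts, mapped to their digest.
var sigAlgs = map[string]crypto.Hash{rsaSHA256: crypto.SHA256, rsaSHA512: crypto.SHA512}

// digest hashes the octets the HTTP-Redirect binding signs; SigAlg is one of them.
func digest(h crypto.Hash, req, relay, alg string) []byte {
	d := h.New()
	d.Write([]byte("SAMLRequest=" + url.QueryEscape(req) + "&RelayState=" + url.QueryEscape(relay) + "&SigAlg=" + url.QueryEscape(alg)))
	return d.Sum(nil)
}

// Sign is the SP side: it signs with RSA-SHA256 and returns the redirect parameters.
func Sign(key *rsa.PrivateKey, req, relay string) (url.Values, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(crypto.SHA256, req, relay, rsaSHA256))
	return url.Values{"SAMLRequest": {req}, "RelayState": {relay}, "SigAlg": {rsaSHA256}, "Signature": {base64.StdEncoding.EncodeToString(sig)}}, err
}

// Verify is the IdP side: it recomputes the digest from the parameters as received.
func Verify(pub *rsa.PublicKey, q url.Values) error {
	h, ok := sigAlgs[q.Get("SigAlg")]
	if !ok {
		return fmt.Errorf("unsupported SigAlg %q", q.Get("SigAlg"))
	}
	sig, _ := base64.StdEncoding.DecodeString(q.Get("Signature")) // bad base64 fails below
	return rsa.VerifyPKCS1v15(pub, h, digest(h, q.Get("SAMLRequest"), q.Get("RelayState"), q.Get("SigAlg")), sig)
}

// Demo verifies a constructed request as sent, then again after SigAlg is changed.
func Demo() (asSent, tampered error) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	q, _ := Sign(key, "Y29uc3RydWN0ZWQ=", "/app") // constructed placeholder values
	asSent = Verify(&key.PublicKey, q)
	q.Set("SigAlg", rsaSHA512)
	return asSent, Verify(&key.PublicKey, q)
}
func main() { fmt.Println(Demo()) }
```

The second result is a verification error: the request was signed over one `SigAlg` value and verified over another, so no valid AuthnRequest is available when the login form is later submitted.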