  1. OpenAM
  2. OPENAM-18014

Malformed SAML2 error page URL after getting the Unable to get AuthnRequest error



    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 6.5.3
    • None
    • SAML
    • Rank:


      Bug description

      Basically, we are trying to continue the SAML flow when it hasn’t been started, so we get the Unable to get AuthnRequest error. The SAML error page URL comes out as the relative address concatenated with the absolute address, which leads to a 404 error.

      How to reproduce the issue

      Need to trigger a working SP-initiated flow and grab a particular request, then it’s easy to reproduce.

      Use case 1:

      1) We have bookmarked our login page during SP initiated transaction.

      2) Close the browser window

      3) Open the bookmarked login page.

      4) Provide correct username / password

      Expected behaviour
      The login page redirects the user correctly to OpenAM.
      User should be redirected to SAML2 error page.
      Current behaviour
      The login page redirects the user correctly to OpenAM.
      User is redirected to wrong SAML2 error page.

      Customer has reported another use case observing similar behavior.

      Use case 2:

      1) Run SP initiated SSO with signatures enabled

      2) Modify signing algo in the incoming request query parameter (this will cause signature verification to fail).

      3) Run the transaction


      Use case 3:

      A) The user does successful SSO. On reaching SP site,

      B) On the same browser window clicks on back button; this displays the auth page.

      C) On the auth page, user submits valid credentials again and this same problem will appear.


      Work around






              Unassigned Unassigned
              greg.galanopoulos Greg Galanopoulos