什么导致 SAML 响应中的响应者状态 [英] What causes a Responder status in a SAML response

问题描述

我花了很多时间使用我们的平台与客户建立 SAML 集成.我们使用 OneLogin 的 php sdk 作为服务提供商.不确定他们使用什么作为身份提供者，或者它是否是自定义的.

I am having quite a time setting up SAML integration with a client using our platform. We're using OneLogin's php sdk on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom.

似乎无论我们做什么，我们从他们那里收到的 AuthN 响应都具有以下状态:urn:oasis:names:tc:SAML:2.0:status:Responder

It seems no matter what we do, the AuthN Response we receive from them has the status: urn:oasis:names:tc:SAML:2.0:status:Responder

当我在此处阅读时，这意味着他们这边有问题(我们不知道是什么).相当于 php 中的 500 状态.

As I read it here, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a 500 status in php.

和我一起工作的那个人确定这是一个配置不匹配的问题.要么他们没有提供正确的声明，要么没有签署我们要求他们签署的部分，等等.

The guy I'm working with on their end is sure that this is an issue of a configuration mismatch. Either that they're not providing the right claims, or not signing the part we're asking them to sign, etc.

但如果是这样的话……他们是否仍会向我们发送成功状态的响应?如果他们没有正确签署，也许我们会在我们方面遇到错误.但我不希望收到他们的回复者"状态.

But if that were the case... wouldn't they still send us a response with a success status? And maybe we'd get an error on our side if they didn't sign it right. But I wouldn't expect to receive the 'Responder' status from them.

谁能确认我做出了正确的假设，或者让我直截了当地说我错了?

Can anyone either confirm that I'm making the right assumption or set me straight it I'm wrong?

推荐答案

是的，你是对的.在消息到达您身边之前，不会注意到这两个错误.它是别的东西，在他们身边查看日志应该不是不可能的.

Yes you are correct. Those two errors would not be noticed before the message reaches your side. It something else and it should not be that impossible to find looking at the logs at their side.

这篇关于什么导致 SAML 响应中的响应者状态的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！