Correct AuthnRequest to Azure AD/idp
Problem description
I keep getting "AADSTS75005: The request is not a valid Saml2 protocol message." when I try to send an AuthnRequest to Azure AD/idp.
The XML looks like this before I zip it, convert it to a base64 string and URL-encode the message.
<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                    ID="ide13dd575-3f6c-4131-9b9d-e12c644cf18f"
                    Version="2.0"
                    IssueInstant="2016-11-14T14:28:27.5450323Z"
                    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">{homepage url registered in azure app registrations}</Issuer>
</samlp:AuthnRequest>
The user is being redirected to https://login.microsoftonline.com/{SAML-P Sign-On Endpoint from endpoints in app in azure}/saml2?SAMLRequest={encoded saml request removed}
The same works when I send it to another SAML2 IdP (which uses SimpleSAMLphp).
The web browser will be redirected to https://login.windows.net/{endpoint id}/saml2?SAMLRequest=jZBLasMwFEW3YjRXbKny72EbAqVgaCkkbQedBEVWiKktuXrP%2faytgy6pW6hJhoXQ6YV7OPf%2bfH1XqMdhgvVMR7exr7NFij7GwWHN5uDAa%2bwRnB4tAhnYru9uQa4SGC3pTpNmUXtds77rrCjy9KB4LpXian%2bV8aJLUl6Wpdknytg0y1n0ZAP23tVsQSxNxNm2Dkk7WqJEZFwILtSDlCBSkHIlZCbLtHhmZyU4uV4Wm4Inb%2fzAmurED%2f9ZoxFtoMWMNUeiCSGOx8%2fHTbu78WG3JW1e7t9sOAz%2bvYrP1KaK%2fx7X%2fAI%3d
I found the problem. I created the app in the new Azure portal. It shows the endpoint to be https://login.windows.net/{myid}/saml2
I created a new app in the old portal and now it shows the endpoint to be https://login.microsoftonline.com/{myid}/saml2
If I look at both apps (one created in the new portal and one in the old) in the old portal, it shows https://login.microsoftonline.com/{myid}/saml2
If I do the same in the new portal, it shows https://login.windows.net/{myid}/saml2 for both apps.
So there was no error in my code, but the new Azure AD portal is reporting invalid endpoints.
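The flow described in the question (build the AuthnRequest, DEFLATE it, base64 it, URL-encode it into the SAMLRequest parameter of the HTTP-Redirect binding) together with the check the answer points at (take the sign-on endpoint from the tenant's federation metadata rather than from whatever a portal screen shows), written out as an added Python example. This is not code from the question or the answer. The metadata document, the all-zero tenant id and the issuer URL are constructed stand-ins; Azure AD publishes the real metadata at https://login.microsoftonline.com/{tenant}/federationmetadata/2007-06/federationmetadata.xml.

```python
"""SAML 2.0 AuthnRequest over the HTTP-Redirect binding, with the IdP
endpoint taken from federation metadata instead of a portal screen."""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Serialize with the conventional prefixes instead of ET's ns0/ns1.
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed stand-in for a tenant's federation metadata (made-up tenant id).
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <SingleSignOnService Binding="{POST_BINDING}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT_BINDING}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_endpoint(metadata_xml, binding=REDIRECT_BINDING):
    """Return the SingleSignOnService Location advertised for `binding`."""
    root = ET.fromstring(metadata_xml)
    for svc in root.iter(f"{{{MD}}}SingleSignOnService"):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    raise ValueError(f"metadata advertises no SingleSignOnService for {binding}")


def build_authn_request(issuer, request_id=None, issue_instant=None, destination=None):
    """Minimal AuthnRequest: protocol namespace on the root, assertion
    namespace on Issuer. The ID is an xs:ID, so it must not start with a digit."""
    request_id = request_id or "id" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    attrs = {"ID": request_id, "Version": "2.0", "IssueInstant": issue_instant}
    if destination:  # optional, but binds the request to the endpoint it was built for
        attrs["Destination"] = destination
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", attrs)
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = issuer
    return ET.tostring(root, encoding="unicode")


def deflate_b64(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # negative wbits => raw DEFLATE
    data = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def redirect_url(endpoint, authn_request_xml, relay_state=None):
    """The URL the browser is sent to; urlencode handles the percent-encoding."""
    params = {"SAMLRequest": deflate_b64(authn_request_xml)}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return endpoint + "?" + urlencode(params)


def decode_saml_request(url):
    """Inverse of redirect_url: recover the XML to check what actually went out."""
    qs = parse_qs(urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


if __name__ == "__main__":
    endpoint = sso_endpoint(SAMPLE_METADATA)
    xml = build_authn_request("https://sp.example.test/", destination=endpoint)
    url = redirect_url(endpoint, xml, relay_state="/home")
    print(url)
    print(decode_saml_request(url))
```

Two details matter here. The redirect binding uses raw DEFLATE (RFC 1951) with no zlib header, which is why the window bits are -15; a plain zlib.compress() call produces a stream the IdP cannot inflate. And the endpoint comes from the tenant's own metadata, so a portal showing login.windows.net while the metadata says login.microsoftonline.com is caught before a single redirect is issued. The stray default xmlns on the root of the request posted in the question is harmless, because both elements carry their own namespace; the example simply declares samlp and saml explicitly.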