We’ve been successfully using the Low Level API as a Service Provider behind a load balancer. We’re now setting up a second simpler application that doesn’t need the complexity of the Low Level API so we’re attempting to use the High Level API also behind a load balancer (Amazon ELB).
IDP Initiated SSO is working correctly but SP Initiated isn’t working correctly (to ADFS). ADFS is giving the following error:
The request specified an Assertion Consumer Service URL ‘http://externalhostname:905/SAML2.ashx?action=sso’ that is not configured on the relying party ‘urn:replicon:saasa-ec2’.
Assertion Consumer Service URL: http://externalhostname:905/SAML2.ashx?action=sso
Relying party: urn:replicon:saasa-ec2
The external URL for the assertion consumer service is https://externalhostname:905/SAML2.ashx?action=sso on the load balancer. The internal IIS is running HTTP on port 905.
Is there a way in the SAML2 High Level API to specify what the external endpoint of the Assertion Consumer service is?
The authn request sent by the SP includes the assertion consumer service URL. ADFS checks this URL against the configured assertion consumer service URLs for the relying party (i.e. SP).
The assertion consumer service URL in the authn request is the URL configured for the in your SAML configuration.
To specify “http://externalhostname:905/SAML2.ashx?action=sso” as the assertion consumer service URL included in the authn request your SAML configuration should include:
<ServiceProvider Name="urn:replicon:saasa-ec2"
    AssertionConsumerServiceUrl="http://externalhostname:905/SAML2.ashx?action=sso"
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning this topic. Also include your SAML configuration and the error information from ADFS.
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
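The check the answer describes (the IdP comparing the AssertionConsumerServiceURL carried in the AuthnRequest against the relying party's configured ACS endpoints) is what rejects the request in this thread. The following is an added example, not ComponentSpace or ADFS code: a small Python script that parses a constructed AuthnRequest, looks up the issuer in a constructed relying-party table, and compares the two URLs strictly on scheme, host, port, path and query, so that an internal `http` URL leaking out from behind an `https` load balancer fails the comparison exactly as ADFS reports. The relying-party table and both requests are constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed relying-party configuration: a stand-in for what the IdP
# (ADFS in the thread) holds for each SP, keyed by the SP's entity ID.
RELYING_PARTIES = {
    "urn:replicon:saasa-ec2": {
        "https://externalhostname:905/SAML2.ashx?action=sso",
    },
}

def make_authn_request(acs_url):
    """Build a constructed AuthnRequest trimmed to the elements the check reads."""
    return (
        '<?xml version="1.0"?>'
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_example1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        "<saml:Issuer>urn:replicon:saasa-ec2</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )

# The request the SP in the thread actually sent (internal http URL) and the
# request it should send (the external https URL on the load balancer).
AUTHN_REQUEST_HTTP = make_authn_request("http://externalhostname:905/SAML2.ashx?action=sso")
AUTHN_REQUEST_HTTPS = make_authn_request("https://externalhostname:905/SAML2.ashx?action=sso")

def parse_authn_request(xml_text):
    """Return (issuer, acs_url) from an AuthnRequest; acs_url may be None."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    if issuer is None or not issuer.text:
        raise ValueError("AuthnRequest has no Issuer")
    return issuer.text.strip(), root.get("AssertionConsumerServiceURL")

def normalize(url):
    """Canonical (scheme, host, port, path, query) so only cosmetic differences
    (case of scheme/host, explicit default port) are tolerated."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return (scheme, host, port, parts.path, parts.query)

def check_acs(xml_text, relying_parties=RELYING_PARTIES):
    """Accept the request only if its ACS URL is one configured for the issuer.
    Returns (accepted, reason)."""
    issuer, acs = parse_authn_request(xml_text)
    configured = relying_parties.get(issuer)
    if configured is None:
        return False, f"unknown relying party {issuer!r}"
    if acs is None:
        # No ACS URL in the request: the IdP falls back to its configured endpoint.
        return True, "no ACS URL in request; using the configured endpoint"
    if any(normalize(acs) == normalize(c) for c in configured):
        return True, "ACS URL matches relying party configuration"
    return False, f"ACS URL {acs!r} is not configured on relying party {issuer!r}"

if __name__ == "__main__":
    for req in (AUTHN_REQUEST_HTTP, AUTHN_REQUEST_HTTPS):
        accepted, reason = check_acs(req)
        print("accepted" if accepted else "rejected", "-", reason)
```

The strict comparison is deliberate: the ACS URL tells the IdP where to post the signed assertion, so an IdP that tolerated a scheme or host mismatch could be steered into delivering assertions to an endpoint the SP never registered. Accordingly the fix belongs on the SP side, by configuring the externally visible `https` URL rather than an internal or `~`-relative one, not by loosening the IdP's check.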
Thanks! This helped me track down my issue. I had used ~ in my Endpoint config which causes ASP.Net to incorrectly calculate the address. I just need to replace it with an absolute URL.