Unable to successfully validate SAML Response while using API Gateway and zuul proxy

I have a Java API Gateway that uses zuul proxy to route requests to downstream services. One of these services is a .Net Core SAML service that handles SAML responses. I have proven that I can receive a response from this SAML service when performing a GET against a controller in my SAML service. However, when POSTing a SAMLResponse to my endpoint, I receive the following messages in my log:

2020-07-07T09:29:38.483996972Z fail: ComponentSpace.Saml2.SamlServiceProvider[100]
2020-07-07T09:29:38.484011429Z Receiving an SSO response from a partner identity provider has failed.
2020-07-07T09:29:38.484015346Z ComponentSpace.Saml2.Exceptions.SamlBindingException: A SAML message cannot be received as the HTTP request is unrecognized.
2020-07-07T09:29:38.484018993Z at ComponentSpace.Saml2.SamlProvider.ReceiveMessageAsync()
2020-07-07T09:29:38.484023592Z at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
2020-07-07T09:29:38.484594063Z fail: saml-service.Controllers.SAMLSpController[0]

I am wondering if I am having issues with my destination attribute in my SAMLResponse because of the downstream service having a different URL than my API Gateway. How can I see the details behind the unrecognized request at a lower level?

I’ve also tried to disable the destination check in the PartnerIdentityProviderConfigurations, but that didn’t seem to do the trick, thinking that the destination may not be the issue.

Thanks a bunch!

Charles

Hi Charles,

I suggest enabling SAML trace and taking a look at the log file. We log the HTTP request received and the decoding to the SAML response XML etc.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace

You’re welcome to send the log file to support@componentspace.com, mentioning your forum post, if you’d like us to take a look.
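As an added diagnostic (not ComponentSpace code and not part of either post), the checks an SP applies before it will recognize an HTTP-POST binding message, run over a constructed sample that reproduces the Destination mismatch described above; the gateway and downstream hostnames and the ACS path are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def inspect_post_binding(method, headers, body, expected_acs):
    """Replay what an SP checks before accepting an HTTP-POST binding message.
    Returns the binding detected, the Destination in the XML, and a list of
    problems (empty list means the request would be recognized and matched)."""
    problems = []
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if method.upper() != "POST":
        problems.append(f"method is {method}, HTTP-POST binding needs POST")
    if ctype != "application/x-www-form-urlencoded":
        problems.append(f"Content-Type is {ctype or '(missing)'}, expected a form post")
    # A proxy that re-encodes the form body can turn '+' into spaces and
    # corrupt the base64 value; parse_qs decodes a correctly encoded body.
    form = parse_qs(body.decode("utf-8", "replace"))
    if "SAMLResponse" not in form:
        problems.append("no SAMLResponse form field (body dropped or re-encoded upstream)")
        return {"binding": None, "destination": None, "problems": problems}
    try:
        root = ET.fromstring(base64.b64decode(form["SAMLResponse"][0], validate=True))
    except (ValueError, ET.ParseError) as exc:
        problems.append(f"SAMLResponse is not base64-encoded XML: {exc}")
        return {"binding": "HTTP-POST", "destination": None, "problems": problems}
    if root.tag != SAMLP + "Response":
        problems.append(f"root element is {root.tag}, not samlp:Response")
    destination = root.get("Destination")
    if destination != expected_acs:
        problems.append(f"Destination {destination!r} != ACS URL {expected_acs!r}")
    return {"binding": "HTTP-POST", "destination": destination, "problems": problems}

# Constructed sample (hostnames assumed): the Destination names the downstream
# service directly, while the browser posted to the gateway's ACS URL.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0" IssueInstant="2020-07-07T09:29:38Z" '
    'Destination="https://saml-service.internal/SAML/AssertionConsumerService"/>'
)
SAMPLE_BODY = urlencode(
    {"SAMLResponse": base64.b64encode(SAMPLE_XML.encode()).decode()}
).encode()

if __name__ == "__main__":
    result = inspect_post_binding("POST", {"Content-Type": "application/x-www-form-urlencoded"},
                                  SAMPLE_BODY, "https://gateway.example.com/SAML/AssertionConsumerService")
    for problem in result["problems"]:
        print("problem:", problem)
```

Feeding it the raw request as captured in front of and behind the Zuul route shows which hop changes the method, Content-Type or form body.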