Hi,
Our SSO app has different domain names (id.dev.acme.com, id.dev.acme.io, etc.) and all point to the same instance.
Hence the ACS URL is different for each domain and I’m able to configure multiple SAML Configurations, one for each domain.
In SP-init SSO, the ACS URL in the SAMLRequest is https://id.dev.acme.com/SAML/AssertionConsumerService and in the SAMLResponse the Destination URL is https://id.dev.acme.io/SAML/AssertionConsumerService. There is a mismatch and ComponentSpace throws the exception below:
[ERR] Saml Service Provider exception on RecieveSsoAsync
ComponentSpace.Saml2.Exceptions.SamlProtocolException: The SAML response destination https://id.dev.acme.io/SAML/AssertionConsumerService doesn’t match the local provider name or URL.
   at ComponentSpace.Saml2.SamlProvider.CheckDestination(StatusResponseType samlResponse, String destinationName, String destinationUrl)
   at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
   at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
   at Identity.Service.Controllers.SamlController.AssertionConsumerService() in /tmp/Identity.Service/Controllers/SamlController.cs:line 93
So, my question: Is it possible to validate the Destination URL in the SAMLResponse against a list of URLs with ComponentSpace?
Thanks
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
Once the log has been captured and as a temporary fix, disable the destination check by setting the following in your PartnerIdentityProviderConfiguration:
"DisableDestinationCheck": true
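
While DisableDestinationCheck is set, the application can compare the Destination attribute itself against the list of ACS URLs, which is the check the question asks about. The following is an added example, not ComponentSpace code and not from either poster; it assumes the application has the raw SAMLResponse form field (HTTP-POST binding) and the request URL available, and the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper (not a ComponentSpace API). Signature validation stays with the SAML library.
public static class SamlDestinationCheck
{
    // Assumed allowlist: one ACS URL per domain that points to the same instance.
    private static readonly HashSet<string> AllowedAcsUrls = new HashSet<string>(StringComparer.Ordinal)
    {
        "https://id.dev.acme.com/SAML/AssertionConsumerService",
        "https://id.dev.acme.io/SAML/AssertionConsumerService",
    };

    private static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";

    // samlResponseBase64: the SAMLResponse form field as posted by the identity provider.
    // receivedAt: the public URL the request arrived on (behind a proxy, the forwarded scheme/host).
    public static bool IsDestinationAllowed(string samlResponseBase64, Uri receivedAt)
    {
        if (samlResponseBase64 == null || receivedAt == null) return false;
        string xml;
        try { xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseBase64)); }
        catch (FormatException) { return false; }

        // The input is untrusted: prohibit DTDs and external resolution while parsing.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        try
        {
            using var reader = XmlReader.Create(new StringReader(xml), settings);
            doc = XDocument.Load(reader);
        }
        catch (XmlException) { return false; }

        // A missing Destination is treated as a failure here rather than skipped.
        if (doc.Root == null || doc.Root.Name != Samlp + "Response") return false;
        string destination = (string)doc.Root.Attribute("Destination");
        if (string.IsNullOrEmpty(destination)) return false;

        // The Destination must be on the allowlist and must also be the endpoint
        // that actually received this message, not merely any allowed URL.
        return AllowedAcsUrls.Contains(destination)
            && string.Equals(destination, receivedAt.GetLeftPart(UriPartial.Path), StringComparison.Ordinal);
    }
}
```

The comparison is an exact, case-sensitive string match, so the allowlist entries must be written exactly as the identity provider sends them.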