Topic by Roger Beggs
I am trying to authenticate using single sign-on by sending this SAML request to Service Cloud:
    POST /cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php HTTP/1.1
    Host: {sc-host}
    Origin: {app-host}
    Content-Type: application/x-www-form-urlencoded
    Content-Length: nnn

    SAMLRequest={saml}&RelayState=some_token
where {saml} is a base64 encoding of this request:
    <samlp:AuthnRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7"
        Version="2.0"
        IssueInstant="2018-03-10T15:26:20Z"
        AssertionConsumerServiceURL="https://{app-host}/assertion"
        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Destination="http://{sc-host}/cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php">
      <saml:Issuer>{app-host}</saml:Issuer>
    </samlp:AuthnRequest>
But it always returns an HTTP 400 (Bad Request) error with no other information.
Is there something wrong with this request, and how do I know what it is? Are there any logs that a user can access?
I have validated the request with a third-party tool and tried various other sample requests that I found on the Internet. Are there any examples of a request that Service Cloud considers valid?
Does it have to have a certificate? If so, is there a way I can turn this off for initial testing?
Any help much appreciated.
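
Added example, not part of the original post and not Oracle's code: a local pre-flight check that builds the form body for the SAML HTTP-POST binding and decodes it again the way a receiver would, listing anything that does not line up. The hosts `sc.example.invalid` and `app.example.invalid`, the https endpoint URL and the function names are assumptions made for illustration; what Service Cloud itself enforces is not stated on this page.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values: placeholder hosts, assumed https endpoint, illustrative names.
PATH = "/cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php"
POSTED_URL = "https://sc.example.invalid" + PATH
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7" Version="2.0" '
    'IssueInstant="2018-03-10T15:26:20Z" '
    'AssertionConsumerServiceURL="https://app.example.invalid/assertion" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Destination="http://sc.example.invalid' + PATH + '">'
    '<saml:Issuer>app.example.invalid</saml:Issuer></samlp:AuthnRequest>'
)

def encode_post_body(xml_text, relay_state):
    """HTTP-POST binding: plain base64 of the XML (no DEFLATE), then
    percent-encode so '+', '/' and '=' survive form decoding."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urllib.parse.urlencode({"SAMLRequest": b64, "RelayState": relay_state})

def inspect_post_body(body, posted_url):
    """Decode a form body as a receiver would; return a list of findings."""
    form = urllib.parse.parse_qs(body)
    try:
        raw = form["SAMLRequest"][0]
        root = ET.fromstring(base64.b64decode(raw, validate=True))
    except (KeyError, ValueError, ET.ParseError) as exc:
        return [f"SAMLRequest does not decode to XML: {exc!r}"]
    findings = []
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        findings.append(f"unexpected root element {root.tag}")
    if root.get("Version") != "2.0":
        findings.append("Version is not 2.0")
    if root.get("Destination") not in (None, posted_url):
        findings.append(f"Destination {root.get('Destination')} != {posted_url}")
    if not (root.findtext("saml:Issuer", "", NS) or "").strip():
        findings.append("Issuer is missing or empty")
    return findings

if __name__ == "__main__":
    body = encode_post_body(AUTHN_REQUEST, "some_token")
    for finding in inspect_post_body(body, POSTED_URL) or ["no local findings"]:
        print(finding)
```

A base64 value pasted into the body without percent-encoding fails the first check as soon as it contains a `+`, because form decoding turns `+` into a space.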