Topic by Roger Beggs
Content
I am trying to authenticate using single sign-on by sending this SAML request to Service Cloud:
POST /cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php HTTP/1.1
Host: {sc-host}
Origin: {app-host}
Content-Type: application/x-www-form-urlencoded
Content-Length: nnn
SAMLRequest={saml}&RelayState=some_token
where {saml} is a base64 encoding of this request:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_8dcc6985f6d9f385f0bbd4562ef848ef3ae78d87d7" Version="2.0"
IssueInstant="2018-03-10T15:26:20Z"
AssertionConsumerServiceURL="https://{app-host}/assertion"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Destination="http://{sc-host}/cgi-bin/rnowgse00137.cfg/php/sso/saml2/idp/post/login.php">
<saml:Issuer>{app-host}</saml:Issuer>
</samlp:AuthnRequest>
But it always returns an HTTP 400 (Bad Request) error with no other information.
Is there something wrong with this request, and how do I know what it is? Are there any logs that a user can access?
I have validated the request with a third-party tool and tried various other sample requests that I found on the Internet. Are there any examples of a request that Service Cloud considers valid?
Does it have to have a certificate? If so, is there a way I can turn this off for initial testing?
Any help much appreciated.