Getting SAML Error "Invalid SAML request content (no service URL)"

832 views
Skip to first unread message

Ulf

unread,
May 25, 2018, 8:07:15 AM5/25/18
to RCDevs Security Solutions - Technical


Hi I have a problem setting up SAML with one of our web applications.

All I am getting is this error about no service URL "Invalid SAML request content (no service URL)"

Am I missing something obvious here I have tried to find some logs but i don't find any
the logs are not showing anything regarding this so I am thinking this is something that doesen't even get past the SAML parser.

Can you point me in the right direction?


This is the settings that i put in to the webapplication. (I also imported the certificate)
IDP Target URL: 
 

IDP Issuer URL: 
 

this is from SAMLtrace in firefox

<samlp:AuthnRequest
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
D="_84cea018-680e-4173-82a1-7dde2a03e3ba"
Version="2.0"
IssueInstant="2018-05-25T11:56:41.7173212Z"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://mgmt-test.mgmt.local</Issuer>
/samlp:AuthnRequest>


Regards Ulf

francois...@rcdevs.com

unread,
May 29, 2018, 3:37:40 AM5/29/18
to RCDevs Security Solutions - Technical
Hi

Where do you have that error exactly? What is the application? 
Have you already tried with simplesamlphp for testing? https://www.rcdevs.com/docs/howtos/sso/single_sign_on_server/#2-configuration-of-a-service-provider-sp-initiated what is the difference?

Ulf

unread,
May 30, 2018, 7:14:59 AM5/30/18
to RCDevs Security Solutions - Technical

Hi I have now tryed to test with simplesaml byt I can't get that to work either.

I don't get any drop down with my credential providers...

My original application is Passwordstate from clickstudios.
It forwards me to the webadm server but the webadm server gives me the "Invalid SAML request content (no service URL)"


So I don't really know where to begin looking as I'm quite new to SAML

Regards Ulf

francois...@rcdevs.com

unread,
May 31, 2018, 3:52:14 AM5/31/18
to RCDevs Security Solutions - Technical
Hi 

Can you check the saml request ? You can use a tool like "SAML Chrome Panel" to do this.

Does it contains AssertionConsumerServiceURL?

Ulf

unread,
May 31, 2018, 4:20:50 AM5/31/18
to RCDevs Security Solutions - Technical
No it doesen't. this is from our passwordstate system.

"<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_9d5d78e2-c30b-4a2c-b48a-3b8ad6b548c9"
Version="2.0"
IssueInstant="2018-05-31T08:17:45.9944418Z"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" >
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://mgmt-pass.mgmt.local</Issuer> </samlp:AuthnRequest>"

francois...@rcdevs.com

unread,
May 31, 2018, 8:16:59 AM5/31/18
to RCDevs Security Solutions - Technical
That value should be added in the authrequest by your service provider. Without it, our idp doesn't know where he need to send the result.

Ulf

unread,
May 31, 2018, 8:20:29 AM5/31/18
to RCDevs Security Solutions - Technical
Ok that figures...
We will try with the ADFS route instead then. Passwordstate has guides for that.

Thanx for your support. We are still in PoC but it looks promising for an Enterprise License :-)
Reply all
Reply to author
Forward
0 new messages