You need to sign in to do that
Don't have an account?
Invalid InResponseTo attribute in SubjectConfirmationData element
When configuring SAML 2.0 to use SP-Init I'm receiving the error message during token validation: Unable to parse the response: Invalid InResponseTo attribute in SubjectConfirmationData element.
I'm currently using a developer site with a normal configuration except that I've switched to REDIRECT instead of POST for binding.
The IdP receives the AuthRequest properly and generates a token from the AuthnRequest, and the InResponseTo value is being set from the AuthnRequest ID attribute.
Switching back to IdP-initiated auth works fine.
Here is the full validator output:
Last recorded SAML login failure: 2013-02-25T20:52:04.901Z
Unexpected Exceptions Unable to parse the response: Invalid InResponseTo attribute in SubjectConfirmationData element
1. Validating the Status
Unknown
2. Looking for an Authentication Statement
Unknown
3. Looking for a Conditions statement
Unknown
4. Checking that the timestamps in the assertion are valid
Unknown
5. Checking that the Attribute namespace matches, if provided
Unknown
6. Miscellaneous format confirmations
Unknown
7. Confirming Issuer matches
Unknown
8. Confirming a Subject Confirmation was provided and contains valid timestamps
Unknown
9. Checking that the Audience matches, if provided
Unknown
10. Checking the Recipient
Unknown
11. Validating the Signature
Unknown
12. Checking that the Site URL Attribute contains a valid site url, if provided
Unknown
13. Looking for portal and organization id, if provided
Unknown
Curious things of note: SAML Validator shows that my org is using SAML v0.0 even though it's configured as 2.0
Sounds like the value if getting transformed somehow. Have you verified that you're sending back exactly what was sent in the SAML AuthN Request?