Last night we tried to migrate a website to our new hosting provider. This new hosting provider uses a SSL offloader and this causes a problem with a website using SAML. After the migration when we tried to login using SAML we got the error below, in the error and web.config I have changed the name of the customer to customer. We think SAML expects a HTTPS response but it gets a HTTP response. Is there a way to influence this from the web.config. I have also added a piece of the web.config with the most of the customer configuration regarding SAML, we also tried it with the CookieHandler on False but same error. I hope you guys can help us out!
Web.Config Configuration
<!-- SAML authService -->
<kentor.authServices
entityId="customersaml"
returnUrl="https://customer.domain.com"
validateCertificates="false">
<identityProviders>
<add entityId="http://ahauth01.customer.nl/adfs/services/trust" signOnUrl="https://ahauth01.customer.nl/adfs/ls/" allowUnsolicitedAuthnResponse="true" binding="HttpPost">
<signingCertificate fileName="~/Config/customer.crt" />
</add>
</identityProviders>
</kentor.authServices>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true"/>
</federationConfiguration>
</system.identityModel.services>
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<securityTokenHandlerConfiguration>
<audienceUris mode="Never" />
</securityTokenHandlerConfiguration>
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
ERROR
Saml Customersaml Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.AssertionConsumerServiceUrlDoesNotMatchPolicyException: MSIS3200: No AssertionConsumerService is configured on the relying party trust 'microsoft:identityserver:Customersaml' that is a prefix match of the AssertionConsumerService URL 'http://Customer.domain.com/AuthServices/Acs' specified by the request. at Microsoft.IdentityServer.Service.SamlProtocol.EndpointResolver.LookupAssertionConsumerServiceByUrl(Collection`1 assertionConsumerServices, Uri requestedAssertionConsumerServiceUrl, String scopeIdentity) at Microsoft.IdentityServer.Service.SamlProtocol.EndpointResolver.FindSamlResponseEndpointForAuthenticationRequest(Boolean artifactEnabled, AuthenticationRequest request, ScopeDescription scopeDescription) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.GetResponseEndpointFromRequest(SamlRequest request, Boolean isUrlTranslationNeeded, ScopeDescription scope) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolManager.Issue(HttpSamlRequestMessage httpSamlRequestMessage, SecurityTokenElement onBehalfOf, String sessionState, String relayState, String& newSamlSession, String& samlpAuthenticationProvider, Boolean isUrlTranslationNeeded, WrappedHttpListenerContext context, Boolean isKmsiRequested) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.RequestBearerToken(WrappedHttpListenerContext context, HttpSamlRequestMessage httpSamlRequest, SecurityTokenElement onBehalfOf, String relyingPartyIdentifier, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired, String& samlpSessionState, String& samlpAuthenticationProvider) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSerializedToken(HttpSamlRequestMessage httpSamlRequest, WrappedHttpListenerContext context, String relyingPartyIdentifier, SecurityTokenElement signOnTokenElement, Boolean isKmsiRequested, Boolean isApplicationProxyTokenRequired) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken) at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context) at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
