
I have configured the OneLogin SAML Toolkit for PHP per the documentation. Sadly, the output from the base64_decode() function is incorrect.

I used the OneLogin online decode and inflate tool and get a correct value with the same SAMLResponse.

SAML Assertions are signed, not encrypted per the IDP maintainer. IDP x509 certificate is correct in settings.

Where would I look next?

rcs
  • What binding is used to deliver `SAMLResponse` and **how** is the result of `base64_decode` incorrect? Does it yield gibberish, does it yield invalid XML, should it produce gzdeflated content.. some code and some output would help, especially this `SAMLResponse` that you're dealing with. – N.B. Sep 09 '16 at 17:43

1 Answer


The toolkit expects the SAMLResponse to be received at the ACS URL endpoint using the HTTP-POST binding, and base64-encoded (not deflated, so you don't need to decode and inflate it).

I think that you are trying to process a SAMLResponse using the HTTP-Redirect binding that is not officially supported.

smartin
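A way to check which encoding a given `SAMLResponse` value actually carries, following the distinction the answer draws between base64 only (HTTP-POST) and DEFLATE plus base64 (HTTP-Redirect). This is an added example, not part of the answer and not OneLogin toolkit code; the function names, the size limit and the sample XML are assumptions made for illustration.

```php
<?php
// Added diagnostic sketch; classifySamlResponse() and looksLikeXml() are hypothetical helpers.
const MAX_INFLATED_BYTES = 1048576; // assumed cap so a hostile value cannot inflate without bound

/** Returns 'post-binding', 'redirect-binding' or 'invalid' for a raw SAMLResponse value. */
function classifySamlResponse(string $raw): string
{
    // Strict mode returns false on characters outside the base64 alphabet.
    $decoded = base64_decode($raw, true);
    if ($decoded === false || $decoded === '') {
        return 'invalid';
    }
    if (looksLikeXml($decoded)) {
        return 'post-binding';      // base64 only: what the ACS endpoint expects
    }
    // HTTP-Redirect encoding applies raw DEFLATE (RFC 1951) before base64.
    $inflated = @gzinflate($decoded, MAX_INFLATED_BYTES);
    if ($inflated !== false && looksLikeXml($inflated)) {
        return 'redirect-binding';  // the message was deflated before base64
    }
    return 'invalid';
}

function looksLikeXml(string $data): bool
{
    if ($data === '') {
        return false;               // loadXML() rejects an empty string
    }
    $previous = libxml_use_internal_errors(true); // keep parse errors out of the output
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access while parsing untrusted input
    $ok = $doc->loadXML($data, LIBXML_NONET) && $doc->documentElement !== null;
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Constructed sample message (unsigned, not a real IdP response).
$xml = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example"/>';
$samples = [
    'POST-style'     => base64_encode($xml),
    'Redirect-style' => base64_encode(gzdeflate($xml)),
    'garbage'        => 'not base64!',
];
foreach ($samples as $label => $value) {
    printf("%-15s => %s\n", $label, classifySamlResponse($value));
}
```

This only identifies the encoding; it does not validate the signature or any assertion content, which remains the toolkit's job.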