Denying invalid request with both AssertionConsumerServiceURL and AssertionConsumerServiceIndex attributes set

Document ID : KB000009246
Last Modified Date : 14/02/2018
Issue:

The following error is seen in the FWSTrace.log while trying to process an incoming AuthnRequest:

Denying invalid request with both AssertionConsumerServiceURL and AssertionConsumerServiceIndex attributes set

 

 

Environment:
All currently supported releases of Federated Web Services (this suite of services is provided by the Web Agent Option Pack, Federation Manager, or Access Gateway (formerly Secure Proxy Server))
Cause:

Per the SAML specifications, an AuthnRequest may include either the AssertionConsumerServiceURL or the AssertionConsumerServiceIndex attribute, but not both.

Resolution:

The Service Provider must alter the SAMLRequest value so that it contains only one of these attributes.
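
To confirm which of the two attributes a Service Provider is actually sending, the captured SAMLRequest value can be decoded and inspected offline. The Python below is an added example, not part of the original article or of the product: it handles both the HTTP-Redirect encoding (base64 of raw DEFLATE) and the HTTP-POST encoding (base64 of the XML). The function names, the size cap and the sp.example.com sample request are assumptions constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

AUTHN_REQUEST_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest"
ACS_ATTRS = ("AssertionConsumerServiceURL", "AssertionConsumerServiceIndex")
MAX_XML_BYTES = 64 * 1024  # assumed cap on inflated size, guards against deflate bombs


def decode_saml_request(value: str) -> bytes:
    """Return the AuthnRequest XML from an already URL-decoded SAMLRequest value."""
    raw = base64.b64decode(value, validate=True)
    if raw.lstrip().startswith(b"<"):
        return raw  # HTTP-POST binding: base64 of the XML itself
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect binding: raw DEFLATE, no header
    xml = inflater.decompress(raw, MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds size cap")
    return xml


def acs_attributes_present(value: str) -> list:
    """List which of the two ACS attributes the AuthnRequest carries."""
    xml = decode_saml_request(value)
    if b"<!DOCTYPE" in xml:  # SAML messages have no need for a DTD; refuse to parse one
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(xml)
    if root.tag != AUTHN_REQUEST_TAG:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return [name for name in ACS_ATTRS if name in root.attrib]


def would_be_denied(value: str) -> bool:
    """True when both attributes are set, the condition this article describes."""
    return len(acs_attributes_present(value)) == 2


def build_sample(attrs: str, deflate: bool) -> str:
    """Constructed test input; sp.example.com is a placeholder Service Provider."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'ID="_constructed1" Version="2.0" IssueInstant="2018-02-14T00:00:00Z" {attrs}/>').encode()
    if deflate:
        c = zlib.compressobj(wbits=-15)
        xml = c.compress(xml) + c.flush()
    return base64.b64encode(xml).decode()


if __name__ == "__main__":
    both = 'AssertionConsumerServiceURL="https://sp.example.com/acs" AssertionConsumerServiceIndex="0"'
    print(acs_attributes_present(build_sample(both, deflate=True)))
```

Pass the SAMLRequest query or form parameter after URL-decoding it; a result listing both attribute names matches the denial logged in FWSTrace.log.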

Additional Information:

OASIS document for SAML 2.0 specifications:
http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf