Error:The request to provide authentication to a service provider has failed. (No endpoint defined for AuthnResponse-XXXX)

  • 7009780
  • 22-Nov-2011
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server

Situation

An Access Manager 3.1 server is set up as a SAML2 Identity Server. A SAML2 federation needed to be set up with an OpenWave SAML2 Service Provider (SP). The SAML2 SP metadata was imported into the Access Manager SAML configuration; its only AssertionConsumerService (ACS) URL entry was for the POST binding, e.g.

             <AssertionConsumerService
                 index="0"
                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                 Location="http://novell.openwave.com:8080/ox6/ajax/saml/sso"
             />


After applying the changes and confirming that the SAML2 SP initialised successfully at the Identity Server, users got the following error when hitting the intersite transfer URL:

Error:The request to provide authentication to a service provider has failed. (No endpoint defined for AuthnResponse-E1E240D48F834C12)

where E1E240D48F834C12 is the device ID of the Identity server and will be different for all IDP servers.

Resolution

Go to the Authentication Response field within the iManager SAML2 setup for the SP and change the default response binding from Artifact to POST. The above error was thrown because the SP metadata did not include any ACS entry for the Artifact binding, while the SP was configured to do artifact binds by default.
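
The mismatch described above can be checked before rollout by comparing the ACS bindings published in the SP metadata with the response binding selected at the Identity Server. The following Python is an added example, not Novell code; the EntityDescriptor/SPSSODescriptor wrapper, the placeholder entityID and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: SP metadata reduced to the single ACS entry from the
# article. The wrapper elements and the entityID are placeholders.
SAMPLE_SP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp.example.invalid/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService
        index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://novell.openwave.com:8080/ox6/ajax/saml/sso"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def acs_endpoints(metadata_xml):
    """Map each short binding name (e.g. 'HTTP-POST') to its ACS Locations."""
    root = ET.fromstring(metadata_xml)
    endpoints = {}
    for acs in root.iter("{%s}AssertionConsumerService" % MD_NS):
        binding = acs.get("Binding", "")
        if binding.startswith(BINDING_PREFIX):
            binding = binding[len(BINDING_PREFIX):]
        endpoints.setdefault(binding, []).append(acs.get("Location", ""))
    return endpoints


def check_response_binding(metadata_xml, response_binding):
    """Return (ok, message) for the response binding configured at the IdP."""
    endpoints = acs_endpoints(metadata_xml)
    if response_binding in endpoints:
        return True, "ACS endpoint(s) for %s: %s" % (
            response_binding, ", ".join(endpoints[response_binding]))
    # This is the condition behind "No endpoint defined for AuthnResponse".
    return False, "no ACS endpoint for %s; metadata only offers: %s" % (
        response_binding, ", ".join(sorted(endpoints)) or "none")


if __name__ == "__main__":
    for binding in ("HTTP-Artifact", "HTTP-POST"):
        print(binding, check_response_binding(SAMPLE_SP_METADATA, binding))
```
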