Hello,
My service provider works fine with many other SSO providers, but errors with FusionAuth.
I can see the (SAML SP Initiated) request is going to FusionAuth, but FusionAuth is returning back with this response: The AuthnRequest contained an invalid AssertionConsumerServiceURL
Can you tell me how to figure out what FusionAuth doesn't like? (like said, works fine with many other SAML SSO Idp's)
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns3:Response xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" Destination="https://platformqa.xxxxxx.com/Saml/AssertionConsumer" ID="_5fa02b8c-2d8f-4d50-9d50-1d000032e081">
<Issuer/>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_5fa02b8c-2d8f-4d50-9d50-1d000032e081">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>V6r7cdZvQUFj6RKP65sFB4CbB3xBJ59eQPvgB0nwIBY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>XDAzUJVpA63kME8Mfy3V2OK79gfxCgTo5sqc1Gw3Z77i7ysh6g3g5GidbU/fu4xWn6SbPuSuxZTM1fjupeaknqocJsvSba7rHOBUmL43JYQR8/a2IrtuW18gRrX3gdnudSVX6ugoovJQw1ix+lB5I18tpUiNOLaCEzBg7Tl7RlcP4iEwbPnGV5JqyrPjBqE32i5BTfPMLnmL1QvUQE1kl4eWDXc/CvFtjhJheYymIE4aipOCzC7dyunL7BwZ3Bvf1B/xJljDER0aUqn9BGZT8cIcTcO85xxTWf/Z5NfMcFmHgvVY0LlKJqMH8h94V5hjrzHuQ6FQCt+Icr+CwyX01A==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIICzDCCAbSgAwIBAQIQPFwUzvRxR1e2MjvPwnbYnDANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDExdncmJpbmNkZXYuZnVzaW9uYXV0aC5pbzAeFw0yNDA3MjUxOTAyMjZaFw0zNDA3MjUxOTAyMjZaMCIxIDAeBgNVBAMTF2dyYmluY2Rldi5mdXNpb25hdXRoLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5WuRr+f1dDA0b63IUqMyRapijzdCNaMXZSmgcuDM5CFvY10IWLikTekhjrW/E1wjCE0srolnbOfnvtRGLNJaDbP8hl0vC2xMYBJbFWSQC6Fdsz5MRVKv4xFoa8HiEbx1iTkkbrQoRSLcR1TIGBV2OxPcBL8N7Zw4SQnhlfZdGF+nujVVfP7fk7gKu5/n+O77Ep8Vm3nVxM32xmflquiV7+X8HWARpy3q/n1ex7wiuBsgptMPQ/ByVT+87yGX1sS0zK06SksAbYhm6EfajV4uPWUcUDuKee6hSlzolKNRUnNfgRhvwLnNNTRyq89RESRXoduMiJXNzuQ7pRynTgG8QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWYBwSuNUnRrMNGDcCcp/AtUoegSq5q6cHtYEO8kyqEEt3CvJRgx9wplBGTteZ38FZ5KcAegGn4tNAs6OD8aoS5h/5dvZuJ+ZXxu+jqaNGd7vOKavZG1XQeGAP0DPP5iCUo73OV2iaA4FpzkX6bRipVIBD+NDaXVfTkac4yHDtz0FTRMpPMMxk1I/08s+1KuunKato8w3SY6flOhuVwciShetUn39X0RLsRlQwwpYQFgxBfi9VJtoKZ1xOMwkB9bzxsXGpi6CrQMGDro4ndsfN1WERW9LSYR+ZDCkweW3YkXgMLwefE3Vyj7ZS256EmYMzr221XHX5ynQTKMjvf4S4</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
ns3:Status
<ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
ns3:StatusMessageThe AuthnRequest contained an invalid AssertionConsumerServiceURL [https://platformqa.xxxxxx.com/Saml/AssertionConsumer?binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST]</ns3:StatusMessage>
</ns3:Status>
</ns3:Response>