Error: Failed to receive authentication request by HTTP redirect for SAML POST

Follow
    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IDP Version Affected: All

    Description: 

    When using SP initiated by POST with redirect, the workflow gets redirected (using IIS IP Address restrictions and an error 403 redirect) the original SP POST info is being lost and the error “failed to receive authentication request by HTTP POST” is presented.

    Cause:

    SP Initiated by POST means that the application sends an initial SAML request to SecureAuth over a POST. SP Initiated means that the application sends that request to SecureAuth in the URL (you can see it in your browser URL bar).
    When using POST, the IIS 403 error page is not robust enough to preserve the POST data from one realm to the other. Therefore, the redirect will occur, but the POST data is dropped.
    If you would like to preserve that POST data from one realm to another, you must use URL Rewrite module for IIS and set the redirect method to "307 (Temporary)".

    Resolution:

    Create a URL Rewrite IP Restriction Rule to Configure IIS 403 Error ReDirect between SAML Realms for temporary (307) when creating the URL rewrite rule.



    Reference: https://docs.secureauth.com/display/KBA/Use+URL+Rewrite+for+IP+Restrictions

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

     

    1 out of 1 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.