phpsamlsaml-2.0onelogin

What causes a Responder status in a SAML response


I am having quite a time setting up SAML integration with a client using our platform. We're using OneLogin's php sdk on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom.

It seems no matter what we do, the AuthN Response we receive from them has the status: urn:oasis:names:tc:SAML:2.0:status:Responder

As I read it here, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a 500 status in php.

The guy I'm working with on their end is sure that this is an issue of a configuration mismatch. Either that they're not providing the right claims, or not signing the part we're asking them to sign, etc.

But if that were the case... wouldn't they still send us a response with a success status? And maybe we'd get an error on our side if they didn't sign it right. But I wouldn't expect to receive the 'Responder' status from them.

Can anyone either confirm that I'm making the right assumption or set me straight it I'm wrong?


Solution

  • Yes you are correct. Those two errors would not be noticed before the message reaches your side. It something else and it should not be that impossible to find looking at the logs at their side.