What causes a Responder status in a SAML response


I am having quite a time setting up SAML integration with a client using our platform. We're using <a href="https://github.com/onelogin/php-saml" rel="nofollow">OneLogin's php sdk</a> on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom.

It seems no matter what we do, the AuthN Response we receive from them has the status: urn:oasis:names:tc:SAML:2.0:status:Responder

As I read it <a href="https://msdn.microsoft.com/en-us/library/hh269642.aspx" rel="nofollow">here</a>, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a 500 status in php.

The guy I'm working with on their end is <strong>sure</strong> that this is an issue of a configuration mismatch. Either that they're not providing the right claims, or not signing the part we're asking them to sign, etc.

But if that were the case... wouldn't they still send us a response with a success status? And maybe we'd get an error on <em>our</em> side if they didn't sign it right. But I wouldn't expect to receive the 'Responder' status from them.

Can anyone either confirm that I'm making the right assumption or set me straight it I'm wrong?


Yes you are correct. Those two errors would not be noticed before the message reaches your side. It something else and it should not be that impossible to find looking at the logs at their side.


  • Retrieve plaintext WS-Security password at service endpoint with Metro + WSIT?
  • pushed to heroku but no changes to app?
  • How to use CXF STS and X509v3 BinarySecurityToken
  • add a tab programically, c# tab control
  • Python - Creating a dictionary using List
  • How do I apply XACML rules to every child URI?
  • How can a console application sudo itself under OS X if it needs root privileges? [closed]
  • java.lang.NoClassDefFoundError for org/springframework/aop/framework/AbstractAdvisingBeanPostProcess
  • What's “msgid” and “xliff” in strings.xml file?
  • How to access gmail API?
  • Is it necessary to call system.loadLibrary explicitly for accessing the native methods in a NativeAc
  • Use allowDiskUse in criteria query with Grails and the MongoDB plugin?
  • Obtain actual browser URL in PHP
  • NHibernate proxyexception
  • Cryptic error when trying to run POW
  • How to add the custom button on google's(device) native application in android?
  • Can long-polling be achieved in Restlet by just making the thread sleep?
  • What is the default HTTP verb in WebApi ? GET or POST?
  • apply a javascript function to draggable copy
  • Consuming a WCF service in a Java Client using wsHttpBinding
  • Exception gevent.hub.LoopExit: LoopExit('This operation would block forever',)
  • Can't remove headers after they are sent
  • Ember.js model to be organised as a tree structure
  • JBoss External Properties Files in Classpath
  • How to use JavaScript to determine whether a file exists in a directory?
  • Installed module is empty
  • Jackson Parser: ignore deserializing for type mismatch
  • How do I pass the string value parameter of the selected list item from an auto-populated dropdown l
  • OpenGL ES texture problem, 4 duplicate columns and horizontal lines (Android)
  • Different response to non-authenticated users and AJAX calls
  • Arrow is showed instead of the material design version hamburger icon. Why doesn't syncState in
  • Can I have the cursor start on a particular column by default in jqgrid's edit mode?
  • How can I estimate amount of memory left with calling System.gc()?
  • VB.net deserialize, JSON Conversion from type 'Dictionary(Of String,Object)' to type '
  • Data Validation Drop Down Box Arrow Disappearing
  • File upload with ng-file-upload throwing error
  • ExecuteAsync RestSharp to allow backgroundWorker CancellationPending c#
  • AngularJs get employee from factory
  • Why can't I rebase on to an ancestor of source changesets if on a different branch?
  • Unable to use reactive element in my shiny app