I am having quite a time setting up SAML integration with a client using our platform. We're using <a href="https://github.com/onelogin/php-saml" rel="nofollow">OneLogin's php sdk</a> on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom.
It seems no matter what we do, the AuthN Response we receive from them has the status:
As I read it <a href="https://msdn.microsoft.com/en-us/library/hh269642.aspx" rel="nofollow">here</a>, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a 500 status in php.
The guy I'm working with on their end is <strong>sure</strong> that this is an issue of a configuration mismatch. Either that they're not providing the right claims, or not signing the part we're asking them to sign, etc.
But if that were the case... wouldn't they still send us a response with a success status? And maybe we'd get an error on <em>our</em> side if they didn't sign it right. But I wouldn't expect to receive the 'Responder' status from them.
Can anyone either confirm that I'm making the right assumption or set me straight it I'm wrong?Answer1:
Yes you are correct. Those two errors would not be noticed before the message reaches your side. It something else and it should not be that impossible to find looking at the logs at their side.