We are working on an application, which is protected with spring security saml.
Authentication works fine, but there is one problem with the following workflow in production environment.
Now we get the following exception in our application:
org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message arGdsZwJtHzTDjQP1oYqbjNO
Any ideas how to handle this workflow so the user can use the application after successful login? Thanks for your answers!
We have solved our issue with following changes to the spring saml configuration:
successRedirectHandler
(org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
) we set the defaultTargetUrl to the init-Action of our application (including all request parameters). This url will be automatically used in case of IdP initiated SSO.contextProvider
(org.springframework.security.saml.context.SAMLContextProviderLB
) we set storageFactory to org.springframework.security.saml.storage.EmptyStorageFactory
. This disables the check of the InResponseToField.