IBM Security Verify

 View Only
  • 1.  AssertionConsumerService not valid

    Posted Mon August 09, 2021 12:17 PM
    During the configuration of a new federation partner with Verify Access after the metadata import we try to login using the SAML login  and we found this error

    Error details
    FBTSML218E The specifications for the SAML2.AssertionConsumerService endpoint are not valid.

    Is this related to the Idp or a bad Metadata from the Sps?
     
    I did try to enable the runtime trace but got the same error with no more details.


  • 2.  RE: AssertionConsumerService not valid

    Posted Tue August 10, 2021 11:43 AM
    Hi Gabriel,

    What does the assertion consumer service endpoint look like in the metadata file?  Does it looks like a well-formatted URL?  Anything unusual?
    Can you share that part of the metadata (replace some text if you need to hide the hostname).

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: AssertionConsumerService not valid

    Posted Tue August 10, 2021 12:11 PM
    Hi Jon,

    We solve the issue, seems like they send the url and was not the correct case for the URL,

    Ex:
    Old metadata: https://<host>/managementex/saml2/Acs
    New Metadata: https://<host>/ManagementEx/saml2/Acs

    ------------------------------
    Gabriel Labarrera
    ------------------------------