pfsense-saml2-auth

Google SAML invalid response

Open mynksh opened this issue 4 years ago • 2 comments

Google SAML response in ACS page is not adequately parsed/handled.


mynksh, Sep 21 '21 09:09

Hey!

The invalid_response is just the default error that is returned whenever a SAML2 error occurs. If you enable the debug mode within the System > SAML2 UI page it will give you the details of what went wrong instead of the default error. Once the problem is resolved, be sure to disable the debug mode as the error details can be considered sensitive information.

Thanks.

jaredhendrickson13, Sep 27 '21 22:09

Just an addition: if you are testing/setting up, you might want to have a browser plugin like SAML Tracer running, so you can see exactly what is being sent to your IDP as well as the response(s) from your pfSense SP.

Glowsome, Oct 15 '21 22:10
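
Added example, not part of the thread and not the pfsense-saml2-auth package's code: once a `SAMLResponse` form value has been captured with a tool such as SAML Tracer, a short offline check can narrow down why an SP rejects it. The checks chosen here (status code, Destination, Audience, validity window) are assumptions about common causes, and the SP/IdP URLs and the sample response are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response (hypothetical SP/IdP names, no signature).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Destination="https://sp.example.test/acs"><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    '</samlp:Status><saml:Assertion><saml:Conditions '
    'NotBefore="2021-09-21T09:00:00Z" NotOnOrAfter="2021-09-21T09:10:00Z">'
    '<saml:AudienceRestriction><saml:Audience>https://other.example.test'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion></samlp:Response>')
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def _ts(value):
    # SAML instants are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def inspect_saml_response(b64_response, expected_acs, expected_audience, now=None):
    """List likely rejection causes. Debug aid only: no signature check."""
    now = now or datetime.now(timezone.utc)
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML")
    root = ET.fromstring(xml)
    findings = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    value = code.get("Value") if code is not None else "missing"
    if value != SUCCESS:
        findings.append("status: %s" % value)
    if root.get("Destination") != expected_acs:
        findings.append("destination mismatch: %s" % root.get("Destination"))
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append("audience mismatch: %s" % audiences)
    for cond in root.iterfind(".//saml:Conditions", NS):
        nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb):
            findings.append("not yet valid (clock skew?): NotBefore=" + nb)
        if na and now >= _ts(na):
            findings.append("expired: NotOnOrAfter=" + na)
    return findings
```

A captured response carries user identity attributes, so handle it with the same care as the debug-mode error details mentioned above.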