Troubleshooting Error Decoding Request Messages for SAML

Troubleshooting Error Decoding Request Messages for SAML

There are two main URLs that should be used to send authnRequests to RapidIdentity. These URLs point to specific handlers that will only process an authnRequest sent via a particular method.

If you look at the location bar when you're seeing the error message from RapidIdentity, you should be able to discern which method is being used. If the URL has something like ?SAMLRequest= appended to it, it is being sent using the GET method. If the URL is plain (no block of alphanumeric text appended), it is most likely being sent using the POST method.

/idp/profile/SAML2/POST/SSO: This URL should be used if the authnRequest is being sent via the POST method.

/idp/profile/SAML2/Redirect/SSO: This URL should be used if the authnRequest is being sent via the GET method.

If the wrong method is used to send the request, RapidIdentity will log a message advising that it cannot decode the request.