SAML login failed wiht invalid_response and there is no AttributeStatement on the Response

By: Marco Weiss user 08 Mar 2018 at 1:40 a.m. CST

4 Responses
Marco Weiss gravatar
Dear gluu, as you can follow up in this two tickets the error are "solved" but a new one came across. https://support.gluu.org/single-sign-on/5183/certificate-decode-error-on-sso/#at30852 https://support.gluu.org/single-sign-on/5155/shibboleth-503-on-restart-new-instance/#at30811 At the moment my Openedx redirect me to gluu, i can login there and will be redirected to openedx. There i get the message Authentication failed: SAML login failed: ['invalid_response'] (There is no AttributeStatement on the Response) Now i googled a while and found some postings where i have to add this to gluu but no one wrotes exactly where and what. Hope you can me point to the right direction. Thank you in advance! Marco Weiß
CentOS 7.4
closed

Answers

By Thomas Gasmyr Mougang staff 08 Mar 2018 at 4:02 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Hi **Marco**, I'm researching your problem. I will come back to you once completed.

By Thomas Gasmyr Mougang staff 08 Mar 2018 at 4:37 a.m. CST

Copy
Thomas Gasmyr Mougang gravatar
Have you test the solution provide in the second post of [this](https://groups.google.com/forum/#!topic/openedx-ops/d-rmACND180) link?. You can try going to the edx SAML configuration, find the "other config str" section, and add ``` "SECURITY_CONFIG": { "requestedAuthnContext": false } ``` Also provide the SAML response(you can use a SAMl Tracer to capture that) in case the error persist. Thanks.

By Marco Weiss user 08 Mar 2018 at 8:29 a.m. CST

Copy
Marco Weiss gravatar
Hi Thomas, thank you for looking into this. Yes i saw this link and now i know it was my mistake ... Sorry for that. I did not read carefully or maybe it is not written but i did not add attributes to the Trust Relationship i created. Now it is "working" I just do not have a country attribute although i added it to the list for attributes in the trust relationship. But i think that have to do with my cache refresh... So thank you again and if i have a problem with cache refresh i will open up another ticket. Marco

By William Lowe user 08 Mar 2018 at 8:35 a.m. CST

Copy
William Lowe gravatar
Sounds good, Marco. Thanks for confirmation.

Post an answer