
Shibboleth returns message security error for Federated SAML

What to do when the Authentication Request to Shibboleth results in a Message Security Error when using Federated SAML

If you encounter the following message:

Message Security Error
The request cannot be fulfilled because the message received does not meet the security requirements of the login service.

and your Identity Provider logs include a message like:

[org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:77] - 
SPSSODescriptor for entity ID 'https://auth.digitaltheatreplus.com'
indicates AuthnRequests must be signed, but inbound message was not signed

Please update the relying-party.xml file with the following override:

<bean parent="SAML2.SSO" p:signRequests="false" />
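
To confirm the mismatch behind that log line before changing the IdP, the following added example (not Digital Theatre+ or Shibboleth code) compares the `AuthnRequestsSigned` flag in the SP metadata with whether an HTTP-Redirect AuthnRequest actually carries a signature. The metadata, the request, the IdP URL and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Constructed sample data, not the SP's published metadata or a captured request.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.digitaltheatreplus.com">
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://auth.digitaltheatreplus.com</saml:Issuer>
</samlp:AuthnRequest>"""
IDP_SSO_URL = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"  # hypothetical

def build_redirect_url(request_xml, sso_url, extra=None):
    """Encode a request as HTTP-Redirect does: raw DEFLATE, base64, URL-encode."""
    co = zlib.compressobj(wbits=-15)
    deflated = co.compress(request_xml.encode()) + co.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode(), **(extra or {})}
    return sso_url + "?" + urlencode(params)

def sp_requires_signed_requests(metadata_xml, entity_id):
    """True when the SP's SPSSODescriptor sets AuthnRequestsSigned."""
    for ent in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            sp = ent.find(MD + "SPSSODescriptor")
            return sp is not None and sp.get("AuthnRequestsSigned") in ("true", "1")
    raise LookupError("no metadata for " + entity_id)

def diagnose(metadata_xml, redirect_url):
    """Compare what the metadata demands with what the request carries."""
    query = parse_qs(urlsplit(redirect_url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    issuer = ET.fromstring(xml).findtext(SAML + "Issuer").strip()
    # Presence check only: HTTP-Redirect signs via the SigAlg/Signature parameters.
    signed = "SigAlg" in query and "Signature" in query
    required = sp_requires_signed_requests(metadata_xml, issuer)
    return {"issuer": issuer, "required": required, "signed": signed,
            "mismatch": required and not signed}

if __name__ == "__main__":
    print(diagnose(SAMPLE_METADATA, build_redirect_url(SAMPLE_REQUEST, IDP_SSO_URL)))
```

A result with `mismatch` set to `True` corresponds to the condition the log message reports; the check does not validate the signature itself.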