Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Error in SAML - Unable to find SAML SSO/SP Connector object matching SAML Authn Request

Feb 26 13:13:15 err tmm2[14202]: 014d0002:3: 8aab4afd: SSOv2 Error: No SP Connector attached to SAML SSO from assigned SAML resources matching authentication request. If ACS URL is present in authentication request it should match ACS URL from SP Connector. If Issuer is present in authentication request it should match entity_id from SP connector. Feb 26 13:13:15 err tmm2[14202]: 014d0002:3: 8aab4afd: SSOv2 Error(16) Unable to find SAML SSO/SP Connector object matching SAML Authn Request

It seems like everything matches up but I keep getting this error. I have checked the following:


AssertionConsumerServiceURL


Sent by SP http://somedomain.com/techy-test/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1" F5 ACS http://somedomain.com/techy-test/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/saml2-acs.php/1

Issuer ID


Sent by SP http://somedomain.com/techy-test/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1 F5 SP Entity ID http://somedomain.com/techy-test/wp-content/plugins/saml-20-single-sign-on/saml/www/module.php/saml/sp/metadata.php/1

This data is from the APM logs so what other piece of information is it trying to match to determine the correct SP Connector?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Found the issue (I needed to read the log more carefully) it turned out that I didn't have a SAML resource and I didn't have a resource on the webtop either. Error tends to be misleading but read as much as the log as you can.

0
Comments on this Answer
Comment made 18-Sep-2015 by Przemyslaw Wyrzykowski 53
I would like to receive any response in this situation beside reset connection - is there any chance to do that ? I have configured different webtops for few types of users ( client, partner ... ect ) - each of them has group of resources on own webtop and if some resource isn't attached because it has to be, what to do to not get reset connection in this situation ?
1
Comment made 08-Jun-2018 by Juraj 177

Trying to solve the same problem. I'd like to show a webpage to our clients with some error message, instead of just the TCP reset they get now.

0