HTTP ERROR 400 when logging in via SAML - Description and Resolution

Description:

      When logging into the application via SAML, an HTTP ERROR 400 occurs even when the configurations are accurate.



Overview:

      When you see an HTTP ERROR 400 during a SAML login, it means there’s a "Bad Request" error. This error occurs because the server can’t understand the request due to incorrect syntax or parameters. This is a client-side error that suggests there is an issue with the request sent by the client. Let’s look at how to fix this problem.

Error traces:

      In this scenario, the serverout logs may not provide specific details, and the relevant traces are found in the security logs. You might see traces similar to the following:

[SAMLResponse] for the URI : POST : /Error|
[12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.SecurityResponseWrapper]|[SEVERE]|[63]: CORS request "/Error" from origin : "https://login.microsoftonline.com" is not allowed|
[12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.IAMSecurityException]|[INFO]|[63]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST, RequestURI: "/Error", RemoteAddr: "10.95.33.181", Referrer: "https://login.microsoftonline.com/"|
[12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.SecurityFilter]|[SEVERE]|[63]: IAMSecurityException Error Code : UNAUTHORIZED_CORS_REQUEST |
[12:15:13:923]|[05-08-2023]|

Resolution:

      Include the URL https://login.microsoftonline.com, the origin reported in the trace above, in the Security Headers under Access Control Allow Origin. This will allow responses from this URL.



      After updating the security headers, restart the application services to apply the changes.
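
      To confirm which origin the security filter rejected before changing the header, the security log can be scanned for the CORS entries shown above. The script below is an added example, not part of the product or of the original article; the entry layout is inferred from the trace on this page, the function names are hypothetical, and the sample text is constructed.

```python
import re
from collections import defaultdict

# One entry: [time]|[date]|[class]|[level]|[thread]: message, closed by "|".
ENTRY = re.compile(
    r'\[(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\]\|\[(?P<date>\d{2}-\d{2}-\d{4})\]\|'
    r'\[(?P<cls>[\w.]+)\]\|\[(?P<level>\w+)\]\|\[(?P<thread>\d+)\]: '
    r'(?P<msg>.*?)\s*\|?\s*(?=\[\d{2}:\d{2}:\d{2}:\d{3}\]\||\Z)',
    re.DOTALL)
CORS = re.compile(
    r'CORS request "(?P<uri>[^"]*)" from origin : "(?P<origin>[^"]*)" is not allowed')


def blocked_cors_origins(log_text):
    """Map each rejected origin to the (date, time, uri) of its rejections."""
    hits = defaultdict(list)
    for entry in ENTRY.finditer(log_text):
        m = CORS.search(entry["msg"])
        if m:
            hits[m["origin"]].append((entry["date"], entry["time"], m["uri"]))
    return dict(hits)


def triage(log_text, idp_origins):
    """Split rejected origins into the configured IdP's own and all others."""
    blocked = blocked_cors_origins(log_text)
    to_allow = sorted(o for o in blocked if o in idp_origins)
    to_review = sorted(o for o in blocked if o not in idp_origins)
    return to_allow, to_review


# Constructed sample. The first two entries follow the trace on this page; the
# third (other-site.example) is invented to show an origin that is not the IdP.
P = "com.adventnet.iam.security."
SAMPLE = (
    f'[12:15:13:923]|[05-08-2023]|[{P}SecurityResponseWrapper]|[SEVERE]|[63]: '
    'CORS request "/Error" from origin : "https://login.microsoftonline.com" is not allowed| '
    f'[12:15:13:923]|[05-08-2023]|[{P}SecurityFilter]|[SEVERE]|[63]: '
    'IAMSecurityException Error Code : UNAUTHORIZED_CORS_REQUEST | '
    f'[12:20:41:107]|[05-08-2023]|[{P}SecurityResponseWrapper]|[SEVERE]|[71]: '
    'CORS request "/Error" from origin : "https://other-site.example" is not allowed|'
)

if __name__ == "__main__":
    allow, review = triage(SAMPLE, {"https://login.microsoftonline.com"})
    print("add to Access Control Allow Origin:", allow)
    print("do not add, investigate:", review)
```

      Only an origin that belongs to the configured identity provider goes into Access Control Allow Origin; any other rejected origin in the log is left blocked.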

