HTTP ERROR 400 when logging in via SAML - Description and Resolution

HTTP ERROR 400 when logging in via SAML - Description and Resolution

Description:

      When logging into the application via SAML, the following error occurs even when the configurations are accurate.



Overview:

      When you see an HTTP ERROR 400 during a SAML login, it means there’s a "Bad Request" error. This error occurs because the server can’t understand the request due to incorrect syntax or parameters. This is a client-side error that suggests there is an issue with the request sent by the client. Let’s look at how to fix this problem.

Error traces:

      In this scenario, the serverout logs may not provide specific details, and the relevant traces are found in the security logs. You might see traces similar to the following:

[SAMLResponse] for the URI : POST : /Error| [12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.SecurityResponseWrapper]|[SEVERE]|[63]: CORS request "/Error" from origin : "https://login.microsoftonline.com" is not allowed| [12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.IAMSecurityException]|[INFO]|[63]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST, RequestURI: "/Error", RemoteAddr: "10.95.33.181", Referrer: "https://login.microsoftonline.com/"| [12:15:13:923]|[05-08-2023]|[com.adventnet.iam.security.SecurityFilter]|[SEVERE]|[63]: IAMSecurityException Error Code : UNAUTHORIZED_CORS_REQUEST | [12:15:13:923]|[05-08-2023]|

Resolution:

      Include the URL https://login.microsoftonline.com in the Security Headers under Access Control Allow Origin. This will allow responses from this URL.



      After updating the security headers, restart the application services to apply the changes.


                  New to ADSelfService Plus?

                    • Related Articles

                    • SAML FAQ's

                      Please find the list of frequently asked queries in SAML 1. I have enabled SAML but still could not find a way to log in using SAML Since the application has multi-tenant feature there are certain security added to the SAML login. In a SAML ...
                    • Configuring SAML with ADFS

                      Step 1: Open the ADFS management application Step 2: Right-click Relying Party trust and choose Add Relying Party Trust. The Add Relying Party Trust Wizard opens. Step 3: Choose Claims Aware and click Start Step 4: Choose Enter data about the relying ...
                    • SAML | Configure KeyCloak as IDP

                      Setting up KeyCloak Download KeyCloak from their official website (Used v25 here). Open conf/keycloak.conf and enter the hostname Run sh kc.sh start-dev Create a user and login at http://localhost:8080 Setting up the IDP: To enable logging, go to ...
                    • The Saml Error code 50 appears when multiple URLs are used for the SDP

                      Issue: When multiple URLs are used for the application, SAML authentication fails on the first attempt. Fix: The issue is resolved by redirecting to the alias URL before triggering the /SamlRequest call. ISSUE ID: SD-124988 Resolution: The fix for ...
                    • Configuring SAML with Azure (New)

                      Step 1: Open the Azure Portal--->Enterprise Applications. Step 2: Select the created Enterprise Application and get started with Set up Single Sign-On. Step 3: Edit the basic SAML Configuration. Step 4: Copy the Entity ID from SDPMSP and place the ...