Issue in enabling SSO2 for WSO2 server

1
votes

I'm configuring SSO for EMM from : https://docs.wso2.com/display/EMM201/General+Server+Configurations

And enabling SSO2 for WSO2 server from : https://docs.wso2.com/display/IS500/Enabling+SSO+for+WSO2+Servers#EnablingSSOforWSO2Servers-ConfiguringWSO2GovernanceRegistry

I've downloaded latest versions of: WSO2 Application Server - 5.3.0 WSO2 Enterprise Service Bus - 4.9.0 WSO2 Governance Registry - 5.1.0 WSO2 Identity Server - 5.1.0

I followed steps but I think documentation is not updated and when I try access the Application Server: https://localhost:9444/carbon/ on browser I'm redirected to the Identity Server for authentication, but once I give credentials it gives following error

Command Prompt ERROR {org.wso2.carbon.identity.sso.saml.processors.SP InitSSOAuthnRequestProcessor} - ALERT: Invalid Assertion Consumer URL value 'https://172.20.1.171:9444/acs' in the AuthnRequest message from the issuer 'carbonServer'. Possibly an attempt for a spoofing attack.

Browser

SAML 2.0 based Single Sign-On

Error when processing the authentication request! Please try login again.

2
authenticationwso2wso2iswso2carbon

2 Answers

2
votes

There is a mismatch between the ACS url you have provided. You can solve this by updating the ACS URL from https://localhost:9444/carbon/ to https://172.20.1.171:9444/acs in the Service Provider.

1
votes

It looks like ACS url in your authenticatoin request is 'https://172.20.1.171:9444/acs'. But you have configured something else for following in the SAML configuration(with issuer "carbonServer").

enter image description here

Make sure both values are same.