SAML-Toolkits/php-saml

The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs

zeyser opened this issue · 4 comments

Hi!
I'm using v.2.19.1 and I have a confusing error - The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs
I can't understand why the error message contains absolutely equal strings: https://{site}/api/sso/acs === https://{site}/api/sso/acs ?
From source -

$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL);
if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) {
    $currentURLNoRouted = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted);

    if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) {
        throw new OneLogin_Saml2_ValidationError(
            "The response was received at $currentURL instead of $destination",
            OneLogin_Saml2_ValidationError::WRONG_DESTINATION
        );
    }
}

I read in similar issues that the problem can be related to a proxy that stands before PHP, but from the source code and error message it's not clear whether it is really a proxy issue.

Has anyone faced a similar problem?
How can I debug the real issue that causes such an error?

It needs to be something else. Have you checked the content inside the SAMLResponse? Maybe there is some extra space or something.

I've got a similar issue that I've managed to track down to Utils::getSelfRoutedURLNoQuery().

When I've got a 3rd part in my URL, it does not work (/saml/acs/).
What I'd expect to be returned is: /saml/acs/
What is actually returned: /saml/

If I remove the hash from the URL earlier in my application, it works just fine.

I'm also facing an issue.

The response was received at https://<<WebApp>>.azurewebsites.net:8080/index.php instead of https://<<public domain>>/index.php?/auth/saml/acs

invalid_response
Not authenticated

My Application is hosted on Azure AppService, using the Code publishing model and PHP 8.1 runtime stack. It is accessible through the Azure Application Gateway. My public domain is linked to the Application Gateway, not in the AppService.

Any Fix?

Finally, I fixed this issue by adding a public domain in the app service and changing the $_proxyVars = true; in Utils.php.
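
For the debugging question raised in this thread, the following is an added example (not part of any comment above and not php-saml code) that mirrors the quoted strncmp() check and reports the first byte at which a Destination and the computed URL differ. The hosts sp.example.test and backend.internal and both helper function names are constructed for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example, not php-saml code: mirrors the strncmp() check quoted in the
// issue and shows where two URLs that print identically actually differ.

function destinationMatches(string $destination, string $currentURL, bool $strict): bool
{
    // Same length rule as the quoted check: strict compares the whole
    // Destination, non-strict only the first strlen($currentURL) bytes.
    $len = $strict ? strlen($destination) : strlen($currentURL);
    return strncmp($destination, $currentURL, $len) === 0;
}

// Returns null when the strings are byte-identical, otherwise the first
// differing offset and the byte on each side as hex ('end' = string ended).
function firstDifference(string $destination, string $currentURL): ?array
{
    $hex = fn(string $s, int $i): string => $i < strlen($s) ? '0x' . bin2hex($s[$i]) : 'end';
    $max = max(strlen($destination), strlen($currentURL));
    for ($i = 0; $i < $max; $i++) {
        if ($hex($destination, $i) !== $hex($currentURL, $i)) {
            return ['offset' => $i, 'destination' => $hex($destination, $i), 'current' => $hex($currentURL, $i)];
        }
    }
    return null;
}

// Constructed samples: [Destination from the SAMLResponse, URL PHP computed].
$cases = [
    'identical'         => ['https://sp.example.test/api/sso/acs', 'https://sp.example.test/api/sso/acs'],
    'trailing space'    => ['https://sp.example.test/api/sso/acs ', 'https://sp.example.test/api/sso/acs'],
    'backend host:port' => ['https://sp.example.test/api/sso/acs', 'https://backend.internal:8080/api/sso/acs'],
];

foreach ($cases as $name => [$destination, $currentURL]) {
    printf(
        "%-18s strict=%s non-strict=%s diff=%s\n",
        $name,
        var_export(destinationMatches($destination, $currentURL, true), true),
        var_export(destinationMatches($destination, $currentURL, false), true),
        json_encode(firstDifference($destination, $currentURL))
    );
}
```

In the 2.x line the proxy switch mentioned in the last comment is also exposed as OneLogin_Saml2_Utils::setProxyVars(true), which avoids editing Utils.php. It makes the toolkit trust X-Forwarded-* headers, so it belongs only behind a proxy that overwrites those headers on every request.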