Hi,
I have a Windows Server 2012 machine, which has Active Directory Federation Services installed to allow it to act as an Identity Provider. I have a Shibboleth Service Provider which is using my IdP to authenticate; however, the artifact resolution binding does not appear to be working.
I can confirm that my ADFS configuration database is set up to use SQL Server and the artifact resolution endpoint is enabled. I have looked in the artifactstore database and there appears to be a SAML response generated and stored. I have run this through a SAML validator and it is a valid response. The error message that the Shibboleth side returns is:
Identity provider returned a SAML error during artifact resolution.
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Requester
When I check the ADFS event logs, the error reported is:
The artifact resolution request failed.
Additional Data
Exception message:
MSIS0018: The SAML protocol message cannot be read because it contains data that is not valid.
I have enabled ADFS tracing and this is the only message returned there also. Can anyone help please?
Thanks,
Fran