I have been searching this forum and was all over the place to get what I want but I could only end up in posts which are only "related" to what I wanted to ask.
Here is the scenario that we have:
Trust is established between our ADFS server and our partner's ADFS server.
We have an application that is configured as a relying party to our ADFS server.
Our partner company needs to access the application via SSO.
Developers in our partner's company want to post a SAMLResponse to our ADFS server using the format below.
<FORM METHOD="POST" ACTION="https://ourserver/adfs/ls/">
<INPUT TYPE="hidden" NAME="SAMLResponse" VALUE="base64 encoded value"/>
....
The ADFS error page that says something like "cannot access this page ...." with a reference number is displayed. No error is logged at all related to this issue. However, I know that our ADFS setup logs errors correctly from other implementations.
Here are my questions:
1. Is it correct that the post should be made to https://ourserver/adfs/ls/ ?
2. My understanding is that the ADFS service will do the necessary claim extraction from the SAML response and pass it to the relying parties. What I wanted to know is how ADFS relates the extracted claim information to the relying party in the IdP scenario?
3. Does the Response XML always start with <samlp:Response .... ?
What if it starts with <Response ...
Thanks
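
For question 3, an added example that is not part of the original post: a Python check that decodes a POST-binding SAMLResponse value and tests the root element by namespace URI rather than by prefix, since `samlp:` is only a prefix bound to the SAML 2.0 protocol namespace. The sample documents and the partner.example issuer are constructed, and no signature is verified.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def inspect_saml_response(b64_value):
    """Decode a POST-binding SAMLResponse form value and summarize its envelope.
    Diagnostic only: no signature or condition checks are performed."""
    xml_bytes = base64.b64decode(b64_value)
    if b"<!DOCTYPE" in xml_bytes.upper():
        raise ValueError("DTD present; refusing to parse")
    root = ET.fromstring(xml_bytes)
    # ElementTree expands prefixes, so root.tag is "{namespace-uri}LocalName"
    # whether the sender wrote <samlp:Response> or <Response xmlns="...">.
    ns, _, local = root.tag.rpartition("}")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    return {
        "is_saml2_response": ns.lstrip("{") == SAMLP_NS and local == "Response",
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),  # absent when IdP-initiated
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
    }

def encode(xml_text):
    """Base64-encode XML the way the hidden SAMLResponse form field carries it."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")

# Constructed samples: same content, three spellings of the root element.
BODY = (' ID="_constructed1" Version="2.0" Destination="https://ourserver/adfs/ls/">'
        f'<Issuer xmlns="{SAML_NS}">http://partner.example/adfs/services/trust</Issuer>')
SAMPLES = {
    "prefixed": f'<samlp:Response xmlns:samlp="{SAMLP_NS}"{BODY}</samlp:Response>',
    "default_ns": f'<Response xmlns="{SAMLP_NS}"{BODY}</Response>',
    "no_ns": f'<Response{BODY}</Response>',  # not a SAML 2.0 protocol element
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, inspect_saml_response(encode(xml_text)))
```
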