ERROR_PARSING_PAYLOAD error in Validate SAML Assertion policy

Not applicable

Hi,

I am trying to configure the Validate SAML Assertion policy for the default hello world API Proxy in Apigee.

The following is the XML code used:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="true" name="Validate-SAML-Assertion-1">
    <Source name="request">
        <Namespaces>
            <Namespace prefix="samlp">urn:oasis:names:tc:SAML:2.0:protocol</Namespace>
            <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
        </Namespaces>
        <XPath>/samlp:Response/saml:Assertion</XPath>
    </Source>
    <TrustStore>myKeystore</TrustStore>
    <RemoveAssertion>false</RemoveAssertion>
    <DisplayName>ValidateSAMLAssertion</DisplayName>
</ValidateSAMLAssertion> 

When I hit the Proxy endpoint URL in the browser or send a SAML Assertion to the Proxy endpoint URL, it shows the following error:

{"fault":{"faultstring":"ValidateSAMLAssertion[Validate-SAML-Assertion-1]: Error while parsing payload","detail":{"errorcode":"steps.saml.ERROR_PARSING_PAYLOAD"}}} 

The Proxy endpoint URL is given as the Assertion Consumer Service URL to the Identity Provider. Is this the expected ACS URL?

Is there any configuration missing?


Former Community Member

@parthasarathy take a look at the payload. It might be base64 encoded. For the SAML Validate policy to work, the content-type must be application/xml or text/xml.

Hi,

The Identity Provider is sending the SAML Assertion in Base64-encoded format and its Content-Type is "application/x-www-form-urlencoded".

Can we set the "application/x-www-form-urlencoded" content-type for the Validate SAML Assertion policy? Is there any other way to allow a base64-encoded SAML Assertion in Apigee?
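
The decoding step this exchange points to, shown as an added example that is not part of the thread and is not Apigee's own code: it turns a form-encoded, base64 body into the XML that an XML-only validation step expects. It assumes Node.js, assumes the field name `SAMLResponse` from the SAML HTTP-POST binding (the thread does not name the field), and uses hypothetical function names with a constructed, unsigned sample.

```javascript
// Added example, not from the thread. Assumes Node.js (Buffer, URLSearchParams).
// "SAMLResponse" is the form field of the SAML HTTP-POST binding (assumption:
// the thread does not show the actual request body).

// Constructed sample response (unsigned, for illustration only).
const SAMPLE_XML =
  '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  '<saml:Assertion ID="_constructed"/></samlp:Response>';

// Constructed request body, encoded the way a browser form post encodes it.
function buildSampleBody(xml) {
  const b64 = Buffer.from(xml, 'utf8').toString('base64');
  return 'SAMLResponse=' + encodeURIComponent(b64) + '&RelayState=constructed';
}

// Convert the form-encoded, base64 payload into XML for an XML-only validator.
function decodeSamlPostBody(contentType, body) {
  const mediaType = String(contentType || '').split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/x-www-form-urlencoded') {
    throw new Error('unexpected content type: ' + mediaType);
  }
  const values = new URLSearchParams(body).getAll('SAMLResponse');
  if (values.length !== 1) {
    throw new Error('expected exactly one SAMLResponse parameter');
  }
  // Drop MIME-style line breaks only. A space here means a "+" was sent
  // without percent-encoding, so fail instead of guessing.
  const b64 = values[0].replace(/[\r\n]/g, '');
  if (b64.length === 0 || b64.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error('SAMLResponse is not well-formed base64');
  }
  const xml = Buffer.from(b64, 'base64').toString('utf8');
  if (!xml.trimStart().startsWith('<')) {
    throw new Error('decoded SAMLResponse is not XML');
  }
  // Decoding is not validation: signature and trust checks still run on this XML.
  return { contentType: 'application/xml', xml: xml };
}

const decoded = decodeSamlPostBody(
  'application/x-www-form-urlencoded; charset=UTF-8', buildSampleBody(SAMPLE_XML));
console.log(decoded.contentType, decoded.xml.length);
```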

Former Community Member

Hi Srinandan,

Thanks for the link. It helped me a lot.

Now I am trying to fetch the attributes sent in the SAML Assertion by the IDP. As per the SAML assertion policy, once the assertion is validated, the attributes in the assertion will be set in the {saml.attributeNames} and saml.attribute.{attribute_name} flow variables.

But I am unable to retrieve these flow variables in JavaScript. It is giving null values for {saml.attributeNames}.

The following is the AttributeStatement stanza in the SAML Assertion sent by the IDP.

<saml:AttributeStatement>
    <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">jessica</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">bretton</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="emailAdderss" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">abc@test.com</saml:AttributeValue>
    </saml:Attribute>
</saml:AttributeStatement>

Not applicable

I am also getting the same issue while trying to fetch the attributes sent in the SAML Assertion by the IDP. As per the SAML assertion policy, once the assertion is validated, the attributes in the assertion will be set in the {saml.attributeNames} and saml.attribute.{attribute_name} flow variables.

But I am unable to retrieve these flow variables in JavaScript. It is giving null values for {saml.attributeNames}.

Any pointers?

Former Community Member

@Harshit, there is a problem in the SAML Assertion policy. The SAML Attributes don't get populated as variables. You might want to use XSLT to extract attributes (after you've validated).