Closed

SP metadata has incorrect ArtifactResolutionService Binding

description

The SP metadata that is generated by this module adds incorrect bindings like so.
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://web1.contoso.com/saml2app2/Login.ashx" index="0" />
    <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://web1.contoso.com/saml2app2/Logout.ashx" index="0" />

Thus importing at AD FS fails with "Error message: An entry with the same key already exists."

I've got around this by editing the metadata file that is autogenerated and removing the signature and the erroneous ArtifactResolutionService Binding that points to logout.ashx.
Closed Nov 16, 2015 at 12:51 AM by i8beef
As per conversation, this was a documentation issue, as "index" is required on endpoints, not optional.

comments

i8beef wrote Oct 30, 2015 at 2:00 AM

This isn't incorrect; your config is just missing something (which is probably because the documentation was missing it, sorry about that, corrected). When you have two endpoints of the same binding type, the SAML spec requires that you have a unique "index" on each of them. Try adding the index="0" and index="1" to your web.config serviceProvider endpoints of this type.
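
A pre-import check for the condition discussed in this thread, as an added example that is not part of the original issue or the project's code: it scans SP metadata for indexed endpoints whose "index" is missing or reused. The function name, the wrapper elements and the entityID in the sample are assumptions, and uniqueness is assumed to be scoped per element type within a role descriptor.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Element types that carry the required "index" attribute (indexed endpoints).
INDEXED = ("ArtifactResolutionService", "AssertionConsumerService")
SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
BASE = "https://web1.contoso.com/saml2app2"

# Constructed sample: the two endpoints quoted in the issue, wrapped in a
# minimal descriptor (namespace, entityID and wrapper elements are assumed).
SAMPLE_BAD = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="{BASE}">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <ArtifactResolutionService Binding="{SOAP}" Location="{BASE}/Login.ashx" index="0" />
    <ArtifactResolutionService Binding="{SOAP}" Location="{BASE}/Logout.ashx" index="0" />
  </SPSSODescriptor>
</EntityDescriptor>"""
# Same metadata after giving the second endpoint its own index.
SAMPLE_FIXED = SAMPLE_BAD.replace('Logout.ashx" index="0"', 'Logout.ashx" index="1"')


def index_problems(metadata_xml):
    """Return (element, index, locations) for each missing or reused index.

    Intended for metadata your own SP generated; do not feed it untrusted XML.
    """
    root = ET.fromstring(metadata_xml)
    problems = []
    for role in root.iter():
        if not role.tag.endswith("SSODescriptor"):
            continue
        for name in INDEXED:
            by_index = defaultdict(list)
            for ep in role.findall(f"{{{MD_NS}}}{name}"):
                by_index[ep.get("index")].append(ep.get("Location"))
            for index, locations in by_index.items():
                if index is None or len(locations) > 1:
                    problems.append((name, index, locations))
    return problems


if __name__ == "__main__":
    for label, doc in (("generated", SAMPLE_BAD), ("fixed", SAMPLE_FIXED)):
        found = index_problems(doc)
        print(label, "OK" if not found else found)
```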