I was trying to setup a SAML identity provider to test my Service Provider but I kept getting the base64 decoding saml message in the sever log when the SP sent Authnrequest to the server. What I was trying to do was setting up a simple SAML IdP which doesn’t require the SP to sign the request but it should sign the response.
I initially thought this was OK because the translation was done by my SP when using http-redirect (it does not support http-post).
But now I’m kind of lost.
Maybe one of the actor doing this base64 encoding missed the ‘url’ flavor (for example in python you have to use urlsafe_b64encode() instead of b64encode()).
Yes, that’s it. And Also ‘_’ for ‘/’ charecters. But more precisely they should ensure they use the right base64Encode function (or option), which certainly exists in the language they use to make this conversion.