Destination attribute in SAML response is missing when OpenSAML v4 enabled
Last updated 2022-06-27 · Reference W-11276822 · Reported By 3 users
Summary
When "Upgrade SAML Single Sign-On Framework" is enabled, the Destination attribute is missing from the SAML response.
When "Upgrade SAML Single Sign-On Framework" (UseOpenSAMLV4Outbound) is enabled, a different version of the OpenSAML library is used than when it is disabled. The new version doesn't explicitly set the Destination attribute, while the old version sets Destination during encoding. This behavior itself looks intended, because the "Destination" attribute in the response would be optional according to the SAML spec. On the other hand, some SPs might validate the response using Destination.
Repro
1. Enable "Upgrade SAML Single Sign-On Framework" in the RELEASE UPDATES menu
or
enable "Authentication: Apply “Upgrade SAML Single Sign-On Framework” release update" in BT
2. Configure Salesforce as the IdP
3. Start IdP-initiated SSO
4. Observe that the SAML Response has no Destination attribute
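To confirm step 4 on a captured response, the following added example (not Salesforce or OpenSAML code) decodes a base64 `SAMLResponse` POST value and classifies its Destination attribute against the SP's expected ACS URL. The ACS URL, the sample responses and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
ACS_URL = "https://sp.example.com/saml/acs"  # placeholder SP endpoint (assumption)


def sample_response(destination):
    """Build a constructed, unsigned samlp:Response as a base64 POST value."""
    attr = f' Destination="{destination}"' if destination else ""
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
        f'Version="2.0" IssueInstant="2022-06-27T00:00:00Z"{attr}>'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '</samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


def check_destination(saml_response_b64, expected_acs_url):
    """Return "missing", "match" or "mismatch" for the Response Destination.

    Diagnostic only: this inspects one attribute and does not verify the
    signature or any other part of the response.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("not a samlp:Response: " + root.tag)
    destination = root.get("Destination")
    if destination is None:
        return "missing"  # what this known issue produces
    return "match" if destination == expected_acs_url else "mismatch"


if __name__ == "__main__":
    cases = [
        ("Destination set (old framework behavior)", ACS_URL),
        ("Destination absent (OpenSAML v4 behavior)", None),
        ("Destination for another endpoint", "https://other.example.com/acs"),
    ]
    for label, dest in cases:
        print(f"{label}: {check_destination(sample_response(dest), ACS_URL)}")
```

An SP that rejects the "missing" case is one of the SPs this issue affects.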
Workaround
NA