ACS URL in unsigned request could not be verified

I'm migrating from 4.4.2 to 4.5.3 and I've set up the same SAML SP in both environments using the same certificates.

There are 2 SPs using the same Entity ID and SP configuration in NAM.

AuthN1 works in both 4.4.2 and 4.5.3. The Entity ID and ACS in the authN request match the metadata.

For example: 

<saml2p:AuthnRequest AssertionConsumerServiceURL="https://ACS.jsp" Destination="https://nam/nidp/saml2/sso" ID="_1da80ed97980b3c1ee153452346bbc" IssueInstant="2020-09-24T14:38:00.931Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://novell.com</saml2:Issuer></saml2p:AuthnRequest>

 

AuthN2 works in 4.4.2 only. EntityID matches the metadata but has a different ACS. 

<saml2p:AuthnRequest AssertionConsumerServiceURL="https://ACS1.jsp" Destination="https://nam/nidp/saml2/sso" ID="_1da80ed97980b3c1ee153452346bbc" IssueInstant="2020-09-24T14:38:00.931Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://novell.com</saml2:Issuer></saml2p:AuthnRequest>

4.5.3 generates "ACS URL in unsigned request could not be verified".

My understanding is that since it's unsigned, NAM shouldn't be verifying the ACS.

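For context, SAML 2.0 Core requires the responder to ensure by some means that a requested AssertionConsumerServiceURL is associated with the requester, and names metadata and signing the request as two such means. The sketch below is an added example of that check, not part of the original post and not NAM's implementation; the `.example` hostnames, `REGISTERED_ACS`, `build_request` and `check_acs` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed SP registration: entity ID -> ACS URLs taken from imported metadata.
# The ".example" hosts are placeholders, not values from the post.
REGISTERED_ACS = {
    "http://novell.com": {"https://sp.example/ACS.jsp"},
}


def build_request(acs_url):
    """Constructed unsigned AuthnRequest shaped like the two in the post."""
    return (
        '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'AssertionConsumerServiceURL="{acs_url}" '
        'Destination="https://nam.example/nidp/saml2/sso" ID="_constructed1" '
        'IssueInstant="2020-09-24T14:38:00.931Z" Version="2.0" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
        'http://novell.com</saml2:Issuer></saml2p:AuthnRequest>'
    )


def check_acs(request_xml, registered=REGISTERED_ACS, signature_verified=False):
    """Return (accepted, reason) for the ACS URL carried in an AuthnRequest.

    signature_verified must only be True after the caller has validated the
    request signature against the SP's registered certificate.
    """
    # Untrusted input: production code should use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(request_xml)
    issuer = (root.findtext("saml2:Issuer", default="", namespaces=NS) or "").strip()
    acs = root.get("AssertionConsumerServiceURL")
    if issuer not in registered:
        return False, "unknown issuer"
    if acs is None:
        return True, "no ACS in request; metadata default applies"
    if acs in registered[issuer]:
        return True, "ACS matches metadata"
    if signature_verified:
        return True, "ACS vouched for by verified request signature"
    # Unsigned and not in metadata: nothing ties this URL to the SP, so
    # sending the assertion there would hand it to an unverified endpoint.
    return False, "ACS URL in unsigned request could not be verified"
```

Under this model an unsigned request is exactly the case where the ACS has to match metadata, because no signature binds the URL to the SP.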