`access_denied` Setting up Auth0 SAML Connections

Hello! I’m seeing an error with a couple of my SAML connections. When I click to “try” the connection, I correctly hit the IdP, see the successful authentication, and hit the callback on Auth0 but with this error:
`access_denied: The InResponseTo attribute does not match the id in the AuthNRequest`
I can see in my SAML request that the ID (`ID="_813bef97d568e19ae4efb2b958fd37ff"`) does in fact match the InResponseTo attribute on my response (`InResponseTo="_813bef97d568e19ae4efb2b958fd37ff"`). Even more confusing, when I initiate from the IdP, the flow works perfectly and I am redirected through to the service. I have other SAML connections that work just fine when I “try” them. Any idea what might be going on here?

Hello, @april.dagonese - welcome to the Auth0 Community!

Do you by any chance have a Custom Domain set up?

The most frequent reason for seeing this issue is that the request starts in A, and ends in B. So, for example, it starts in the tenant domain (A), and finishes in the Custom Domain (B). This would be the behavior of the Try button as it’s expecting a redirection back into the Dashboard.

Let me know if this explains the behavior and if you can still reproduce it outside these parameters.

Yep, we sure do. Hrm, let me try to get around the custom domain to see if it works otherwise. Thank you @joseantonio.rey!

1 Like
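
The behaviour discussed in this thread, as an added illustration that is not code from the posts or from Auth0: a simplified service provider that validates `InResponseTo` against request IDs it remembers per host. The per-host tracking is an assumption about the mechanism, and the hostnames and function names are hypothetical; the request ID is the one quoted in the question.

```javascript
// Simplified model, not Auth0's implementation.
// Assumption: the service provider remembers each AuthnRequest ID in a
// session scoped to the host that issued it (as a host-only cookie would be).
function createServiceProvider() {
  const pendingByHost = new Map(); // host -> Set of outstanding request IDs
  return {
    // SP-initiated login: record the request ID under the issuing host.
    startLogin(host, requestId) {
      if (!pendingByHost.has(host)) pendingByHost.set(host, new Set());
      pendingByHost.get(host).add(requestId);
      return `<samlp:AuthnRequest ID="${requestId}" Version="2.0"/>`;
    },
    // Assertion consumer: check InResponseTo against this host's session only.
    consumeResponse(host, responseXml) {
      const m = /<(?:\w+:)?Response\b[^>]*\bInResponseTo="([^"]*)"/.exec(responseXml);
      // IdP-initiated (unsolicited) responses carry no InResponseTo to check.
      if (!m) return { ok: true, reason: 'unsolicited' };
      const id = m[1];
      const here = pendingByHost.get(host);
      // delete() makes each request ID single-use, so a replay fails.
      if (here && here.delete(id)) return { ok: true, reason: 'matched' };
      // The ID can be correct on the wire yet tracked under another host.
      for (const [other, ids] of pendingByHost) {
        if (other !== host && ids.has(id)) {
          return { ok: false, reason: 'issued_on_other_host', issuedOn: other };
        }
      }
      return { ok: false, reason: 'unknown_request_id' };
    },
  };
}

// Constructed sample data; both hostnames are placeholders.
const TENANT = 'tenant.example.test'; // domain A: where the login starts
const CUSTOM = 'login.example.test';  // domain B: where the callback lands
const ID = '_813bef97d568e19ae4efb2b958fd37ff'; // ID quoted in the question

function samlResponse(inResponseTo) {
  const attr = inResponseTo ? ` InResponseTo="${inResponseTo}"` : '';
  return `<samlp:Response ID="_r1" Version="2.0"${attr}><saml:Assertion/></samlp:Response>`;
}

function demo() {
  const sp = createServiceProvider();
  sp.startLogin(TENANT, ID);
  const crossHost = sp.consumeResponse(CUSTOM, samlResponse(ID));    // starts in A, ends in B
  const sameHost = sp.consumeResponse(TENANT, samlResponse(ID));     // starts and ends in A
  const replay = sp.consumeResponse(TENANT, samlResponse(ID));       // same response again
  const idpInitiated = sp.consumeResponse(CUSTOM, samlResponse(null));
  return { crossHost, sameHost, replay, idpInitiated };
}

console.log(demo());
```

In this model the cross-host response is rejected even though the two IDs are identical in the XML, while the IdP-initiated response passes because there is no request ID to compare.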