How can I add Auth0 as IdP into ADFS?

Hello Auth0 community.

I want to use Auth0 as an IdP for my application. So here is the flow:
Web Application → ADFS → Auth0 → Social

I’ve red this link and did whatever it says; in order to add Auth0 as a Claims Provider into ADFS I’ve used the SAML Metadata URL. As a result I can now select Auth0 as IdP (or CP in ADFS terms) on ADFS login page and it redirects user to log in on Auth0. And client can authenticate on Auth0 with no doubt. But, when ADFS receives the HTTP POST SAML response from Auth0 it throws an error “MSIS0050: SAML Response does not match SAML request.”. And thus, client cannot login to web app.

Here are the details of the exception:

Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
Saml 

Relying Party: 
 

Exception details: 
Microsoft.IdentityServer.Web.UnsupportedSamlResponseException: MSIS0050: SAML Response does not match SAML request. Request ID: id-2252c816-02de-423c-b518-703cbfd26055, response InResponseTo: 
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetSecurityTokenFromSignInResponse(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

So, What can be the problem here? Can you please help me on this?

Hey there @johnnyblazeodb, when you get a minute can you try adding the AssertionConsumerServiceURL to the allowed callback URLs? I’ve also linked our SAML documentation below. Thanks in advance!

Hi @James.Morrison . I’ve added the ADFS’s address (something like https://`<private adfs domain>.com/adfs/ls) and added the web application's addresses (https://<private web app domain>.com, https://auth.<private web app domain>`.com). Also set the ADFS’s address as Application Callback URL on Auth0 and added the Auth0’s SAML Metadata URL as a Claims Provider on ADFS. But still having problem. Can you please give technical details to follow for my scenario?

BR.

@johnnyblazeodb when you get minute can you DM me your tenant name? I’d like to take a deeper look at what may be going on. Thanks.

I wanted to follow up with you @johnnyblazeodb, I see you have a open support ticket that you are currently working with our support team to get to the bottom of this. To concentrate efforts i’ll have our support team take point on this front.

For historically thread context sake I will link the standard SAML ADFS documentation below and once a resolution from the ticket has been surfaced I will share that as well. Please let me know if you have any additional questions. Thanks!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.