IdP initiated SAML fails with InResponseTo error

somedude · July 16, 2019, 10:17pm

I’m trying to make the IdP initiated flow from an external SAML connection, but whenever it’s initiated, it fails with the following error:

access_denied: The InResponseTo attribute does not match the id in the AuthNRequest

The current setup comprises from djangosaml2idp, acting as my external IdP,
connected to Auth0 through an Enterprise connection.

Everything works when navigating into the app, getting redirected to the IdP login and back, but whenever I try to initiate the process from the IdP side, it fails.

jmangelo · July 17, 2019, 11:17am

If I recall correctly if the SAML provider wants to initiate the flow then the SAML response should not contain the InResponseTo attribute. In other words, this seems to be caused by a miss-behaving identity provider.

somedude · July 19, 2019, 3:42pm

Ok, I’ll try to update the IdP to avoid sending the InResponseTo attribute and see if that works.

Topic		Replies	Views
SAML assertion returning InResponseTo Help samlp , saml2	4	11481	December 17, 2018
SAML auth error after last update: The InResponseTo attribute Help saml	2	6332	December 17, 2018
The InResponseTo attribute does not match the id in the AuthNRequest Help connections , saml-enterprise-connection	4	1733	May 26, 2023
False IdP-Initiated login when Testing SAML Connection with Custom Domain Help bug	4	2951	April 18, 2024
SAML - Domain Mismatch - "The InResponseTo attribute does not match the id in the AuthNRequest" Knowledge Articles saml , connections , custom-domain , inresponseto , authnrequest , saml-enterprise-connections	1	11435	March 10, 2022

IdP initiated SAML fails with InResponseTo error

Related Topics