I am trying to figure out if there is a way to integrate monday.com to an application. There is a social connection but I don’t want monday to be the IdP, I need it to be the service provider. I can see that this might work with an enterprise connection configuration but I am trying to reserve those for systems that have no other option. I may be trying something impossible but I want to confirm it before I have to try the enterprise connection route.
So what I have is the two systems configured with the proper endpoints and cert sharing. When the connection is tested from Monday, I receive the error:
"error": {
"message": "SAMLRequest message MUST be signed when using an asynchronous binding (POST or Redirect)",
There is no option in the saml addon in the app to disable this requirement that I can find. I can also not enable this feature in the Monday system.
Is this possible? If not, why not? Why can’t we disable this requirement in our app level saml settings?
Hi @jonathan.hughes
Thank you for reaching out to us!
The error message that you are receiving is essentially a security measure from Monday.com which states that, in order for it to trust the request from your application, the request needs to be digitally signed to ensure that it has not been tampered with.
You are correct that within the SAML2 Web App addon there is no switch to disable the requirement for the certificate to be signed. This is because a connection that requires such specific SAML protocol settings for a third-party Service Provider was designated to be created as an Enterprise Connection.
While I do understand your use case and preference to complete the integration in a different way, the recommended approach would be the more robust one, and use an Enterprise Connection to Configure Auth0 as SAML Service Provider. Under this Connection type you are able to toggle on/off the requirement to Sign the Request.
Depending on your current plan, it can also be possible to have additional Enterprise Connections available for you to fully support your requirements and ensure proper and reliable functionality.
Hope this helped!
Gerald
If I create an enterprise connection to monday, this makes monday my IdP does it not? That doesn’t solve the problem where I am using Auth0 as my IdP and monday as a connected application. If I make monday an enterprise connection, then I can only use the connection to give access to different applications, not monday itself. From that perspective, it appears that Auth0 does not support SSO authentication into Monday as an application. Am I wrong in this assessment?
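The error quoted in the first post turns on whether the AuthnRequest reaching the identity provider carries a signature, and the two bindings it names carry that signature in different places. As an added example (not code from this thread, Auth0 or monday.com), the Python below inspects a captured `SAMLRequest` for either binding and reports whether a signature is present; it does not validate the signature, and the hostnames, the `CLIENT_ID` path segment and the sample request are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"


def parse_authn_request(xml_bytes):
    # The capture comes from another party: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    return root


def inspect_redirect(url):
    """HTTP-Redirect: raw DEFLATE + base64 payload; signature sits in query parameters."""
    q = parse_qs(urlsplit(url).query)
    xml_bytes = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15)
    root = parse_authn_request(xml_bytes)
    signed = "Signature" in q and "SigAlg" in q  # presence only, not validity
    return {"binding": "HTTP-Redirect", "id": root.get("ID"), "signed": signed}


def inspect_post(form_value):
    """HTTP-POST: base64 payload; signature is an enveloped ds:Signature element."""
    root = parse_authn_request(base64.b64decode(form_value))
    signed = root.find(f"{{{DS}}}Signature") is not None  # presence only
    return {"binding": "HTTP-POST", "id": root.get("ID"), "signed": signed}


# Constructed sample: an unsigned AuthnRequest of the kind the error message rejects.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example/acs"/>'
).encode()
_deflater = zlib.compressobj(wbits=-15)
_deflated = _deflater.compress(SAMPLE_XML) + _deflater.flush()
SAMPLE_REDIRECT = "https://idp.example/samlp/CLIENT_ID?" + urlencode(
    {"SAMLRequest": base64.b64encode(_deflated).decode(), "RelayState": "x"})
SAMPLE_POST = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    print(inspect_redirect(SAMPLE_REDIRECT), inspect_post(SAMPLE_POST), sep="\n")
```

To use it on a real test login, copy the redirect URL or the `SAMLRequest` form field from the browser's network tab in place of the constructed samples.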