"SAML metadata not found at: <...>"

Problem statement

When attempting to create a connection by providing the metadataUrl, we receive the following response:

{"statusCode":400,"error":"Bad Request","message":"SAML metadata not found at: <metadata URL>","errorCode":"invalid_body"}  

And yet when we request the URL locally, we see the metadata in the response.

Troubleshooting

Assuming you are able to make a successful request locally, you can run a test by making a request to the URL from within an action or other extensibility code, e.g.:

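const axios = require('axios'); // add axios as a dependency of the Action
exports.onExecutePostLogin = async (event, api) => {
  // This request is sent from inside Auth0, not from your local machine.
  // axios rejects on network/TLS errors and on non-2xx responses.
  const response = await axios.get('<metadata url>');
  console.dir(response);
};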

If it fails, you will see full details of the error.

Cause

This error is thrown when the request to the metadata URL fails or if there is a non-200 response. This happens before parsing, so it is not an issue with the metadata file itself.

In one particular case, it turned out the server did not support secure renegotiation, and this was likely what caused the request to fail.

Solution

This error is thrown when the request to the metadata URL fails or if there is a non-200 response.

If you are able to request the URL locally, then it could be one of the following causes:

  • Firewall blocking Auth0 IP addresses.
  • TLS issues such as lack of secure renegotiation support.
  • The server returns a non-200 response code even though the metadata is otherwise served as expected.

One way to test this further and possibly determine the cause is to request the URL from within an action or other extensibility code, e.g.:

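const axios = require('axios'); // add axios as a dependency of the Action
exports.onExecutePostLogin = async (event, api) => {
  // This request is sent from inside Auth0, not from your local machine.
  // axios rejects on network/TLS errors and on non-2xx responses.
  const response = await axios.get('<metadata url>');
  console.dir(response);
};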
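
To make the logged error easier to read, the following added example (not Auth0's code and not part of the original article) sorts a failed fetch into the three causes listed above. The function names and the lists of error codes are assumptions chosen for this illustration; it works on an axios error or on a raw Node.js socket error.

```javascript
// Added example: sort a failed metadata fetch into the causes listed above.
// The code lists are heuristics chosen for this example, not Auth0's logic.
const https = require('https');

const NETWORK_CODES = new Set(['ETIMEDOUT', 'ECONNREFUSED', 'ECONNRESET',
  'EHOSTUNREACH', 'ENOTFOUND', 'EAI_AGAIN']);
const TLS_CODES = new Set(['EPROTO', 'CERT_HAS_EXPIRED',
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'DEPTH_ZERO_SELF_SIGNED_CERT',
  'SELF_SIGNED_CERT_IN_CHAIN']);

// Accepts an axios error (err.response / err.code) or a raw Node socket error.
function classifyMetadataError(err) {
  const status = err && err.response && err.response.status;
  // A response arrived, so the network and TLS layers worked; the status is the problem.
  if (status && status !== 200) return { cause: 'non-200', detail: String(status) };
  const code = String((err && err.code) || '');
  // Node reports OpenSSL failures as ERR_SSL_* (for example
  // ERR_SSL_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) and its own checks as ERR_TLS_*.
  if (TLS_CODES.has(code) || code.startsWith('ERR_SSL_') || code.startsWith('ERR_TLS_')) {
    return { cause: 'tls', detail: code };
  }
  // Timeouts, resets and refusals are what a blocking firewall usually looks like.
  if (NETWORK_CODES.has(code)) return { cause: 'network', detail: code };
  return { cause: 'unknown', detail: code || String(err && err.message) };
}

// Fetch the URL with Node's built-in https client and report the outcome.
function probeMetadataUrl(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const req = https.get(url, { timeout: timeoutMs }, (res) => {
      res.resume(); // discard the body; only the status matters here
      if (res.statusCode === 200) return resolve({ cause: 'ok', detail: '200' });
      resolve(classifyMetadataError({ response: { status: res.statusCode } }));
    });
    req.on('timeout', () => {
      req.destroy(Object.assign(new Error('timed out'), { code: 'ETIMEDOUT' }));
    });
    req.on('error', (e) => resolve(classifyMetadataError(e)));
  });
}
```

Inside an action, `console.log(await probeMetadataUrl('<metadata url>'))` prints the result, or pass the error caught from `axios.get` to `classifyMetadataError`.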

If the server belongs to a third party and/or you are not in a position to change its configuration, you can instead use metadataXml and submit the contents of the metadata file directly (see: Provide Metadata Document Content).