SAML POST back to wrong callback URL

I’ve configured a SAML enterprise connection to use Auth0 as service provider with Azure Active Directory. The authentication piece works fine, but the SAML validation response back from Auth0 gets POSTed to our webapp callback URL instead of to the AAD identity provider. This is causing a 405 error because we don’t allow POSTs to our webapp callback. I have the callback URL in the SAML config properly set and it matches the SAML connection that we are using for another customer who it works for fine. Any thoughts here would be greatly appreciated.

I seem to be having the same problem as this topic, which was closed but never answered by support:

Hi @jason.dodds, welcome to the community!

You mention you are using Auth0 as the service provider. If that is the case, then once Auth0 has completed the authentication with the SAML IdP (Azure AD), it should finally post back the response to the redirect_uri provided in the /authorize call that began the login.
If you are starting the flow via SAML instead of OAuth, then the response should be sent back to the AssertionConsumerServiceUrl, which must be in the app’s Allowed Callback URLs (see remarks here).

Why do you need to post it back to Azure? I would expect if Azure is the IdP it would be posting the SAML assertion response to Auth0 (which would then in turn return it to the configured callback URL), not the other way around? Sorry if I have misunderstood your situation.

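To see which callback a SAML-initiated login actually asks for, the AuthnRequest can be decoded and its ACS URL compared with the allow-list, as the reply above describes. This is an added example, not code from the original posts or from Auth0; the request, the URLs and the exact-string matching rule are constructed assumptions, and `AssertionConsumerServiceURL` is the attribute name as spelled in the SAML 2.0 schema.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_redirect_binding(saml_request: str) -> bytes:
    """Reverse the HTTP-Redirect binding encoding: base64, then raw DEFLATE."""
    return zlib.decompress(base64.b64decode(saml_request), -15)


def requested_acs_url(authn_request_xml: bytes):
    """Return the AssertionConsumerServiceURL attribute, or None if absent."""
    if b"<!DOCTYPE" in authn_request_xml:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    return root.get("AssertionConsumerServiceURL")


def check_callback(saml_request: str, allowed_callbacks: set) -> tuple:
    """Return (acs_url, verdict) for an encoded AuthnRequest."""
    acs = requested_acs_url(decode_redirect_binding(saml_request))
    if acs is None:
        return None, "missing"
    # Assumption: exact string match against the configured callback list.
    return acs, "allowed" if acs in allowed_callbacks else "not-allowed"


def _encode(xml: str) -> str:
    """Build a SAMLRequest value the way the HTTP-Redirect binding does."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()


# Constructed sample request; the ID, timestamp and URLs are placeholders.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://app.example.com/saml/acs"/>'
)
SAMPLE_REQUEST = _encode(SAMPLE_XML)
ALLOWED = {"https://app.example.com/saml/acs"}

if __name__ == "__main__":
    print(check_callback(SAMPLE_REQUEST, ALLOWED))
```

A "not-allowed" or "missing" verdict for a request captured from the failing login points at a mismatch between what the application sends and what the tenant has configured.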