Hi,
as per community post 55921, the issue that a SAML Response does not use a simple type for a StatusMessage was added to the backlog in 2021. Since we are currently getting such SAML Responses on a regular basis, what is the status of this backlog entry? Why do we still see such responses here:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_84e806cba6be8045dd7f" InResponseTo="_7db03859a514b9eb77fecba3396b64b8" Version="2.0" IssueInstant="2025-07-29T08:35:57.166Z" Destination="https://xxxxx/Shibboleth.sso/SAML2/POST">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:xxxxx.eu.auth0.com</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
    <samlp:StatusMessage Value="ERROR MESSAGE"/>
  </samlp:Status>
</samlp:Response>
Where it should have been:
<samlp:StatusMessage>ERROR MESSAGE</samlp:StatusMessage>
The (SAML-spec-conforming) Service Provider on the other end is unable to process the error response from the Auth0 IdP because of this.
Thanks for your support.
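The check a Service Provider could run on such a response, as an added example that is not part of the original post and not Auth0 or Shibboleth code: it reads samlp:Status and reports when StatusMessage is not the plain xs:string element the SAML 2.0 protocol schema defines. The function name read_status and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample modelled on the response quoted in the post.
NONCONFORMING = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_example" Version="2.0" IssueInstant="2025-07-29T08:35:57.166Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
    <samlp:StatusMessage Value="ERROR MESSAGE"/>
  </samlp:Status>
</samlp:Response>"""

# Same constructed document with the element form the post expects.
CONFORMING = NONCONFORMING.replace(
    '<samlp:StatusMessage Value="ERROR MESSAGE"/>',
    "<samlp:StatusMessage>ERROR MESSAGE</samlp:StatusMessage>")


def read_status(response_xml):
    """Return (status_code, message, problems) for a SAML 2.0 Response.

    Diagnostic only: no signature or full schema validation is done here.
    """
    root = ET.fromstring(response_xml)
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("Response has no samlp:Status element")
    code_el = status.find("samlp:StatusCode", NS)
    if code_el is None or not code_el.get("Value"):
        raise ValueError("Status has no StatusCode with a Value attribute")

    problems, message = [], None
    msg_el = status.find("samlp:StatusMessage", NS)
    if msg_el is not None:
        # StatusMessage is typed xs:string: text content only,
        # so any attribute or child element is a schema violation.
        if msg_el.attrib:
            problems.append("StatusMessage carries attributes: "
                            + ", ".join(sorted(msg_el.attrib)))
        if len(msg_el):
            problems.append("StatusMessage has child elements")
        message = (msg_el.text or "").strip() or None
        if message is None and "Value" in msg_el.attrib:
            # Tolerant fallback so the IdP's error text still reaches the log.
            message = msg_el.attrib["Value"]
    return code_el.get("Value"), message, problems
```
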