The InResponseTo attribute does not match the id in the AuthNRequest

Hi All,
I am facing an InResponseTo error. In my setup, Auth0 is acting as the SP and Okta as the IDP, and the response from the IDP goes first to our hosted URL and is then forwarded to Auth0.

I have set up a custom domain,
the request is initiated with this custom domain,
and goes to the IDP, where the IDP replies to our hosted ACS URL (not Auth0), which forwards the SAML response to Auth0 (the custom domain).

Even though the InResponseTo attribute matches the ID in the SAMLRequest, I get the error that it does not match. What scope does InResponseTo depend on, and is there a way I can enable InResponseTo with my proxy setup?

We are seeing the same error for a small number of users. In our case it seems like cookies are being “lost” in the SAML flow (even though we can see that the InResponseTo matches the Request Id). But we have been unable to see why this cookie is lost.

In my case, I was trying with Postman to post to the ACS URL. Upon creating a local stub to do a temporary redirect, it worked.

Thanks for following up with the solution @atripathi ! :rocket:
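
An added example, not from the thread and not Auth0's code: a toy service provider, assumed to store each AuthnRequest ID against the browser session that started the login, shows how a response whose InResponseTo equals the issued ID can still be refused when the POST to the ACS arrives without that session's cookie. `ToyServiceProvider`, `constructed_response` and the session-binding design are assumptions for illustration.

```python
import secrets
import xml.etree.ElementTree as ET


class ToyServiceProvider:
    """Hypothetical SP that binds each AuthnRequest ID to a browser session."""

    def __init__(self):
        self._pending = {}  # session cookie value -> outstanding AuthnRequest ID

    def start_login(self):
        """Issue an AuthnRequest; return (session_cookie, request_id)."""
        cookie = secrets.token_urlsafe(16)
        request_id = "_" + secrets.token_hex(16)
        self._pending[cookie] = request_id
        return cookie, request_id

    def consume(self, saml_response_xml, cookie):
        """ACS handler: check InResponseTo against the ID stored for this session."""
        in_response_to = ET.fromstring(saml_response_xml).get("InResponseTo")
        expected = self._pending.pop(cookie, None)  # one-time use
        if expected is None:
            return "rejected: no pending request for this session"
        if not secrets.compare_digest(in_response_to or "", expected):
            return "rejected: InResponseTo mismatch"
        return "accepted"


def constructed_response(request_id):
    """Constructed, unsigned Response carrying only the attribute under test."""
    ns = "urn:oasis:names:tc:SAML:2.0:protocol"
    return f'<samlp:Response xmlns:samlp="{ns}" InResponseTo="{request_id}"/>'


def demo():
    sp = ToyServiceProvider()
    # Relay POSTs server-to-server: the browser's SP cookie never arrives.
    cookie, rid = sp.start_login()
    relayed = sp.consume(constructed_response(rid), cookie=None)
    # Relay answers with a redirect, so the browser itself POSTs to the SP.
    cookie, rid = sp.start_login()
    via_browser = sp.consume(constructed_response(rid), cookie=cookie)
    # A response for a different request in the same session is still refused.
    cookie, _ = sp.start_login()
    wrong_id = sp.consume(constructed_response("_other"), cookie=cookie)
    return relayed, via_browser, wrong_id


if __name__ == "__main__":
    print(demo())
```

Under this assumed design, the check depends on the session that issued the request as well as on the ID value, which is why a relay that keeps the browser in the path behaves differently from one that posts on its behalf.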
