The InResponseTo attribute does not match the id in the AuthNRequest

Hi All,
I am facing issue of InResponseTo error. In my setup Auth0 is acting as SP and Okta as IDP, and the response from IDP goes first to our hosted url and then forwarded to Auth0.

I have setup a custom domain,
the request is initiated with this custom domain,
goes to IDP where IDP replies to our hosted ACS url (not Auth0) which forwards the SAML response to Auth0 (the custom domain)

Even though the InResponseTo attribute matches the ID in SAMLRequest - I get the error that it does not match. On what scope of InResponseTo depend and is there a way I can enable InResponseTo with my proxy setup?

1 Like

We are seeing the same error for a small number of users. In our case it seems like cookies are being “lost” in the SAML flow (even though we can see that the InResponseTo matches the Request Id). But we have been unable to see why this cookie is lost.

In my case, I was trying with postman to post to ACS url. Upon creating a local stub to do temporary redirect, it worked


Thanks for following up with the solution @atripathi ! :rocket:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.