The SAML Request AssertionConsumerServiceURL is invalid

joshua-golub · July 14, 2020, 10:02pm

I am getting this error:

{
  "date": "2020-07-14T21:39:38.651Z",
  "type": "f",
  "description": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
  "connection_id": "",
  "ip": "71.176.222.191",
  "user_agent": "Chrome 83.0.4103 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "SAMLRequest": "jZJLT+MwFIX/SuR9nNh5tVYa1KGgVipQkTCL2Yzc+IZ6SOxiO+Xx6zHtIHUzaLZX5/i751yXF69DHxzAWKnVDBEco4uqnI9up+7heQTrAi9QdoZGo5jmVlqm+ACWuZbV85s1ozhme6OdbnWPTmJm+dB/7+DWgnGeiYKfX3A/R8FqMUO/J51IaCuyNt+mKe2A0iydtAURIid5l8VFlyciS1I68QZrR1gp67hy/o2YxmFchCRtKGHJlKUUT+PpLxQsfBapuDuids7tLYsiAYdQcqlf5DbDo8XcB49xq4foM8I+cktaK3uVwjr+8/q+e+BNMamX49Py6tnc0AVBwfwryKVWdhzA1GAOsoWH+/UZhgApOshokk+xejT6CUsd8YG/axWdqkDB5m+JP6QSUj1+39/2JLJs2TSbcHNXN6gqP3dmxz5M9V/oARwX3HHsz1ZG5/by1iNXi43uZfsWXGszcPfvjQgmx4kUYXeUslHZPbSykyB8R32vXy4NcAcz5MwIKKrK6PyTVR8="
    },
    "error": {
      "message": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
  },
  "hostname": "dev-iaiowib5.us.auth0.com",
  "log_id": "90020200714213943980000160508053563541153156205681573906",
  "_id": "90020200714213943980000160508053563541153156205681573906",
  "isMobile": false
}

The decoded SAML request looks like this:

<?xml version="1.0"?>
<AuthnRequest
	AssertionConsumerServiceURL="https://d1e17fe52369.ngrok.io/amazon/assert"
	Destination="https://dev-iaiowib5.us.auth0.com/samlp/tH2SnsE4eL0jxzhUaT78SHukHEqrM2D1" 
	ID="_bdf71d4b8f53c8a8fddd0a967df89e304bdea8db42" 
	IssueInstant="2020-07-14T21:21:24.303Z" 
	ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
	Version="2.0" 
	xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
	<saml:Issuer>https://d1e17fe52369.ngrok.io/amazon/metadata.xml</saml:Issuer>
	<NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</AuthnRequest>

My Allowed Callback URLs look like this:

So, what can be causing the error?

The SAML Request AssertionConsumerServiceURL is invalid: https://d1e17fe52369.ngrok.io/amazon/assert’

Thanks in advance for any help you can offer.

karen1 · July 15, 2020, 9:34pm

Good afternoon,

First, I would recommend redacting some of the information you provided here since it is a public forum.

Generally, this error indicates that you are missing the Callback URL the SAML response will be posted to or it was entered incorrectly.

This is in the first field when you open the SAML2 addon settings page. It is the step 11 in these instructions: Configure Auth0 as SAML Identity Provider

If you are still experiencing issues, can you check if you have turned on the SAML2 Web App addon in the particular client? Also, can you please capture an HTTP trace during the attempted login and dm this to me? Usually this helps us to identify the exact reason for the error. Instructions are at Generate and Analyze HAR Files

Topic		Replies	Views
AWS SSO: The SAML Request AssertionConsumerServiceURL is invalid Help auth0 , login	11	5569	November 20, 2020
AssertionConsumerServiceURL is invalid while logging from Salesforce Help sso , salesforce	2	4255	August 26, 2019
Zendesk AssertionConsumerServiceURL is invalid Help auth0 , zendesk , login , saml2	7	3648	October 30, 2020
SAML Error logging in Help	2	3973	December 14, 2018
Invalid SAML AssertionConsumerServiceURL Help saml , slack , auth0-configuration	2	5162	December 17, 2018

The SAML Request AssertionConsumerServiceURL is invalid

Related topics