The SAML Request AssertionConsumerServiceURL is invalid

joshua-golub · July 14, 2020, 10:02pm

I am getting this error:

{
  "date": "2020-07-14T21:39:38.651Z",
  "type": "f",
  "description": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
  "connection_id": "",
  "ip": "71.176.222.191",
  "user_agent": "Chrome 83.0.4103 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "SAMLRequest": "jZJLT+MwFIX/SuR9nNh5tVYa1KGgVipQkTCL2Yzc+IZ6SOxiO+Xx6zHtIHUzaLZX5/i751yXF69DHxzAWKnVDBEco4uqnI9up+7heQTrAi9QdoZGo5jmVlqm+ACWuZbV85s1ozhme6OdbnWPTmJm+dB/7+DWgnGeiYKfX3A/R8FqMUO/J51IaCuyNt+mKe2A0iydtAURIid5l8VFlyciS1I68QZrR1gp67hy/o2YxmFchCRtKGHJlKUUT+PpLxQsfBapuDuids7tLYsiAYdQcqlf5DbDo8XcB49xq4foM8I+cktaK3uVwjr+8/q+e+BNMamX49Py6tnc0AVBwfwryKVWdhzA1GAOsoWH+/UZhgApOshokk+xejT6CUsd8YG/axWdqkDB5m+JP6QSUj1+39/2JLJs2TSbcHNXN6gqP3dmxz5M9V/oARwX3HHsz1ZG5/by1iNXi43uZfsWXGszcPfvjQgmx4kUYXeUslHZPbSykyB8R32vXy4NcAcz5MwIKKrK6PyTVR8="
    },
    "error": {
      "message": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
  },
  "hostname": "dev-iaiowib5.us.auth0.com",
  "log_id": "90020200714213943980000160508053563541153156205681573906",
  "_id": "90020200714213943980000160508053563541153156205681573906",
  "isMobile": false
}

The decoded SAML request looks like this:

<?xml version="1.0"?>
<AuthnRequest
	AssertionConsumerServiceURL="https://d1e17fe52369.ngrok.io/amazon/assert"
	Destination="https://dev-iaiowib5.us.auth0.com/samlp/tH2SnsE4eL0jxzhUaT78SHukHEqrM2D1" 
	ID="_bdf71d4b8f53c8a8fddd0a967df89e304bdea8db42" 
	IssueInstant="2020-07-14T21:21:24.303Z" 
	ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
	Version="2.0" 
	xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
	<saml:Issuer>https://d1e17fe52369.ngrok.io/amazon/metadata.xml</saml:Issuer>
	<NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</AuthnRequest>

My Allowed Callback URLs look like this:

So, what can be causing the error?

The SAML Request AssertionConsumerServiceURL is invalid: https://d1e17fe52369.ngrok.io/amazon/assert’

Thanks in advance for any help you can offer.

karen1 · July 15, 2020, 9:34pm

Good afternoon,

First, I would recommend redacting some of the information you provided here since it is a public forum.

Generally, this error indicates that you are missing the Callback URL the SAML response will be posted to or it was entered incorrectly.

This is in the first field when you open the SAML2 addon settings page. It is the step 11 in these instructions: Configure Auth0 as SAML Identity Provider

If you are still experiencing issues, can you check if you have turned on the SAML2 Web App addon in the particular client? Also, can you please capture an HTTP trace during the attempted login and dm this to me? Usually this helps us to identify the exact reason for the error. Instructions are at Generate and Analyze HAR Files

Topic		Replies	Views
AWS SSO: The SAML Request AssertionConsumerServiceURL is invalid Help auth0 , login	11	5553	November 20, 2020
Invalid SAML AssertionConsumerServiceURL Help saml , slack , auth0-configuration	2	5160	December 17, 2018
Assertion Consumer URL not being sent with SAML redirect Help saml	2	4725	February 27, 2023
Saml Invalid Signature Issue Help saml	1	2200	April 7, 2022
Knowledge Why does the 'AssertionConsumerServiceURL' placeholder in the SAML request template appear 'blank' at login? Knowledge Articles	1	1525	May 23, 2023

The SAML Request AssertionConsumerServiceURL is invalid

Related Topics