The SAML Request AssertionConsumerServiceURL is invalid

I am getting this error:

{
  "date": "2020-07-14T21:39:38.651Z",
  "type": "f",
  "description": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
  "connection_id": "",
  "ip": "71.176.222.191",
  "user_agent": "Chrome 83.0.4103 / Windows 10.0.0",
  "details": {
    "body": {},
    "qs": {
      "SAMLRequest": "jZJLT+MwFIX/SuR9nNh5tVYa1KGgVipQkTCL2Yzc+IZ6SOxiO+Xx6zHtIHUzaLZX5/i751yXF69DHxzAWKnVDBEco4uqnI9up+7heQTrAi9QdoZGo5jmVlqm+ACWuZbV85s1ozhme6OdbnWPTmJm+dB/7+DWgnGeiYKfX3A/R8FqMUO/J51IaCuyNt+mKe2A0iydtAURIid5l8VFlyciS1I68QZrR1gp67hy/o2YxmFchCRtKGHJlKUUT+PpLxQsfBapuDuids7tLYsiAYdQcqlf5DbDo8XcB49xq4foM8I+cktaK3uVwjr+8/q+e+BNMamX49Py6tnc0AVBwfwryKVWdhzA1GAOsoWH+/UZhgApOshokk+xejT6CUsd8YG/axWdqkDB5m+JP6QSUj1+39/2JLJs2TSbcHNXN6gqP3dmxz5M9V/oARwX3HHsz1ZG5/by1iNXi43uZfsWXGszcPfvjQgmx4kUYXeUslHZPbSykyB8R32vXy4NcAcz5MwIKKrK6PyTVR8="
    },
    "error": {
      "message": "The SAML Request AssertionConsumerServiceURL is invalid: 'https://d1e17fe52369.ngrok.io/amazon/assert'",
      "oauthError": "invalid_request",
      "type": "request-error"
    }
  },
  "hostname": "dev-iaiowib5.us.auth0.com",
  "log_id": "90020200714213943980000160508053563541153156205681573906",
  "_id": "90020200714213943980000160508053563541153156205681573906",
  "isMobile": false
}

The decoded SAML request looks like this:

<?xml version="1.0"?>
<AuthnRequest
	AssertionConsumerServiceURL="https://d1e17fe52369.ngrok.io/amazon/assert"
	Destination="https://dev-iaiowib5.us.auth0.com/samlp/tH2SnsE4eL0jxzhUaT78SHukHEqrM2D1" 
	ID="_bdf71d4b8f53c8a8fddd0a967df89e304bdea8db42" 
	IssueInstant="2020-07-14T21:21:24.303Z" 
	ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
	Version="2.0" 
	xmlns="urn:oasis:names:tc:SAML:2.0:protocol" 
	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
	<saml:Issuer>https://d1e17fe52369.ngrok.io/amazon/metadata.xml</saml:Issuer>
	<NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</AuthnRequest>

My Allowed Callback URLs look like this:

image

So, what can be causing the error?

The SAML Request AssertionConsumerServiceURL is invalid: https://d1e17fe52369.ngrok.io/amazon/assert

Thanks in advance for any help you can offer.

Good afternoon,

First, I would recommend redacting some of the information you provided here since it is a public forum.

Generally, this error indicates that you are missing the Callback URL the SAML response will be posted to or it was entered incorrectly.

This is in the first field when you open the SAML2 addon settings page. It is the step 11 in these instructions: https://auth0.com/docs/protocols/saml/saml-idp-generic#2-configure-auth0-as-idp

If you are still experiencing issues, can you check if you have turned on the SAML2 Web App addon in the particular client? Also, can you please capture an HTTP trace during the attempted login and dm this to me? Usually this helps us to identify the exact reason for the error. Instructions are at https://auth0.com/docs/troubleshoot/guides/generate-har-files