The SAMLResponse ID was already processed on OneLogin SSO connection

j.ortiz · October 4, 2021, 4:28pm

I have created 2 enterprise SAML connections to work as service provider for Okta and Jumpcloud, and everything is working fine.
I have left a connection with OneLogin. I am following this document: Configure OneLogin as SAML Identity Provider

But when I am trying the connection the following response is received:

{
  "error": "access_denied",
  "error_description": "The SAMLResponse ID was already processed"
}

Can anyone help me on this? I do not understand this error and I have no clue about how to solve it.
Thanks in advance

marcell · October 5, 2021, 8:04pm

I’m seeing the same issue. Enterprise connection with OneLogin as the IdP. Can’t figure out what’s wrong.

konrad.sopala · October 6, 2021, 1:10pm

Hey there!

Let me reach out to the team responsible for that feature to get to know more about this bug

j.ortiz · October 7, 2021, 12:58pm

Thank you konrad.sopala, really appreciate any help

j.ortiz · October 8, 2021, 11:11am

Hi. Did you figure anything out?

konrad.sopala · October 8, 2021, 11:21am

Hey!

Didn’t get a response from the team yet. As soon as I have it I will share it here

konrad.sopala · October 13, 2021, 2:48pm

I just got an information update from the team that it may take a bit longer as right now they’re busier than usual. Thank you for your understanding!

konrad.sopala · October 18, 2021, 10:19am

Got the info from the team.

The InResponseTo attribute in the SAML protocol is used to correlate requests and responses, and so it helps guarantee the authenticity of the response from the trusted IdP.

If we receive the same InResponseTo attribute twice, it probably means that some user activity caused the browser to resend the SAML request. The first time we receive the response, it’s okay. The second time, it’s not. It can happen when the back button in the browser is used let’s say