devise_saml_authenticatable

Using this for an IdP initiated sign in

Open amitej1 opened this issue 6 years ago • 1 comments

How can we use this gem for IdP initiated sign in? From my understanding we should call the ACS URL directly which would have the SAMLResponse. But when we tried to do that, it is throwing an error: saml: Auth errors: Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd

Any pointers?

amitej1, Nov 21 '19 08:11

Yes, your IdP should send you to the ACS URL along with a SAML response. It looks like the response your IdP is sending doesn't conform to the expected protocol. The ruby-saml gem does the validation that's failing here. It also looks like the schema is hard-coded, so it's not a matter of choosing a different one.

I would suggest you inspect the SAML response from your IdP (you could do that by adding a logging statement to the strategy), and see if you can spot the error, or send it to your IdP to have them figure out why it's invalid.

adamstegman, Nov 25 '19 16:11
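One way to do the inspection suggested above, as an added example that is not code from the gem or from either poster: a helper that decodes the posted `SAMLResponse` value and reports the envelope fields the protocol schema requires, without writing the assertion itself to the log. The function name, sample URLs and sample IDs are assumptions made for illustration.

```ruby
require "rexml/document"

PROTOCOL_NS  = "urn:oasis:names:tc:SAML:2.0:protocol"
ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = { "samlp" => PROTOCOL_NS, "saml" => ASSERTION_NS }.freeze

# Summarise a raw SAMLResponse POST parameter for a log line. The assertion body
# is deliberately left out: it holds user attributes and is a bearer credential.
def summarize_saml_response(param)
  xml  = param.to_s.unpack1("m").force_encoding("UTF-8") # lenient Base64 decode
  root = REXML::Document.new(xml).root
  return { problems: ["decoded value has no XML root element"] } if root.nil?

  problems = []
  unless root.name == "Response" && root.namespace == PROTOCOL_NS
    problems << "root is {#{root.namespace}}#{root.name}, expected {#{PROTOCOL_NS}}Response"
  end
  # Attributes and child element the protocol schema requires on <samlp:Response>.
  %w[ID Version IssueInstant].each do |attr|
    problems << "missing required attribute #{attr}" unless root.attributes[attr]
  end
  version = root.attributes["Version"]
  problems << "Version is #{version.inspect}, expected \"2.0\"" if version && version != "2.0"
  status = REXML::XPath.first(root, "samlp:Status/samlp:StatusCode", NS)
  problems << "missing samlp:Status/samlp:StatusCode" if status.nil?

  issuer = REXML::XPath.first(root, "saml:Issuer", NS)
  # "EncryptedAssertion", "Assertion", or nil when the response carries neither.
  assertion = %w[EncryptedAssertion Assertion].find { |n| REXML::XPath.first(root, "saml:#{n}", NS) }
  { root: root.expanded_name, destination: root.attributes["Destination"],
    in_response_to: root.attributes["InResponseTo"], # nil for IdP-initiated sign-in
    issuer: issuer && issuer.text, status: status && status.attributes["Value"],
    assertion: assertion, problems: problems }
rescue REXML::ParseException => e
  { problems: ["XML parse error: #{e.message.lines.first.to_s.strip}"] }
end

# Constructed sample (not a real IdP response): schema-valid envelope, no InResponseTo.
SAMPLE = [<<~XML].pack("m0")
  <samlp:Response xmlns:samlp="#{PROTOCOL_NS}" xmlns:saml="#{ASSERTION_NS}"
      ID="_example1" Version="2.0" IssueInstant="2019-11-21T08:11:00Z"
      Destination="https://sp.example.com/users/saml/auth">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  </samlp:Response>
XML
```

A non-empty `problems` list points at what to raise with the IdP; logging the returned hash instead of the decoded XML keeps assertions out of application logs.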