Problem
When setting up the SSO integration, the user interface shows the error "SAML not configured. Invalid IdP Metadata. Please update."
Root cause
The IdP metadata doesn't contain the information needed to set up the integration, or it isn't properly formatted.
Solution
Make sure your IdP metadata includes the following information:
- EntityDescriptor
- IDPSSODescriptor
- Signing key descriptor and certificate
- SingleSignOnService with a Binding of type HTTP-Redirect (this is the only binding currently supported)
Here's what your IdP metadata should typically look like:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="yourIdPEntityId">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="yourIdPSAMLredirectURL"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
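To check an IdP metadata file against the list above before uploading it, the following script walks the document and reports which required pieces are missing. This is an added example, not the product's own validator; the sample metadata in it is constructed (the certificate value is a dummy base64 string, not a real certificate), and the function name check_idp_metadata is an assumption. It also catches the common mistake of leaving a placeholder such as "..." where the base64 certificate should be, which is one way metadata ends up "not properly formatted".

```python
"""Check a SAML 2.0 IdP metadata document for the elements the SSO
integration requires: EntityDescriptor, IDPSSODescriptor, a signing
KeyDescriptor with an X509Certificate, and an HTTP-Redirect
SingleSignOnService. Added example; not the vendor's own code."""
import base64
import binascii
import xml.etree.ElementTree as ET  # for metadata from untrusted sources, prefer defusedxml.ElementTree

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed dummy certificate body (valid base64, NOT a real X.509 cert).
DUMMY_CERT = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA"


def sample_metadata(cert: str = DUMMY_CERT, binding: str = HTTP_REDIRECT) -> str:
    """Build a constructed IdP metadata document shaped like the one above."""
    return f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
        <ds:X509Certificate>{cert}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{binding}" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


GOOD_METADATA = sample_metadata()


def check_idp_metadata(xml_text: str) -> list[str]:
    """Return a list of problems; an empty list means the metadata has
    everything the integration needs."""
    problems: list[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"metadata is not well-formed XML: {exc}"]

    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"root element is {root.tag}, expected md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID attribute")

    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        problems.append("no IDPSSODescriptor (is this SP metadata rather than IdP metadata?)")
        return problems

    # A KeyDescriptor with use="signing", or with no use attribute at all
    # (the SAML metadata spec treats a missing use as signing+encryption),
    # must carry a non-empty, base64-encoded X509Certificate.
    signing_certs = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use") in (None, "signing"):
            for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                signing_certs.append("".join((cert.text or "").split()))
    if not signing_certs:
        problems.append("no signing KeyDescriptor with an X509Certificate")
    for der_b64 in signing_certs:
        try:
            if not base64.b64decode(der_b64, validate=True):
                raise binascii.Error("empty certificate")
        except binascii.Error:
            problems.append("X509Certificate content is not base64 (placeholder left in?)")

    # Only the HTTP-Redirect SingleSignOnService binding is supported.
    sso = idp.findall(f"{{{MD}}}SingleSignOnService")
    bindings = {s.get("Binding") for s in sso}
    if HTTP_REDIRECT not in bindings:
        found = sorted(b for b in bindings if b)
        problems.append(f"no SingleSignOnService with Binding HTTP-Redirect; found {found}")
    for s in sso:
        if s.get("Binding") == HTTP_REDIRECT and not s.get("Location"):
            problems.append("HTTP-Redirect SingleSignOnService has no Location")
    return problems


if __name__ == "__main__":
    for label, doc in [("good", GOOD_METADATA),
                       ("placeholder cert", sample_metadata(cert="...")),
                       ("POST binding only", sample_metadata(binding=HTTP_POST))]:
        print(label, "->", check_idp_metadata(doc) or "OK")
```

Run it against your exported metadata with `check_idp_metadata(open("idp-metadata.xml").read())`; an empty list means the four required pieces are present. The script only checks structure, not whether the certificate is valid or whether the IdP actually signs responses with it, so a clean result does not replace testing the login flow.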