Error Parsing SAML Response


I am trying to use a Microsoft Azure Active Directory as an Identity Provider. When using an SAML response, the following error appears in the Ignition logs:

com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterException: Unable to parse the WebAuthResponse from the HTTP request

When doing a test login, the login page is correct however there is no IDP response data. Is there something different about the way Azure AD is sending this SAML? When comparing it with a working Okta IDP, there doesn't appear to be any difference.

Any help or insight would be appreciated.

Can you post the full stack trace of the IdpAdapterException?

I solved the issue, unchecking the Validate Response Signatures * seemed to allow the IDP to be read.

Make sure to have at least one of the Validate Response Signatures or Validate Assertion Signatures settings enabled. Having both disabled is a security issue since Ignition will not check if SAML Responses / Assertions are forged.

Understood, thank you for the feedback. Will let you know if any other issues arise.

1 Like