SAML SSO for application under tenant
-
I have created an application under a tenant other than the default tenant.
Configured issuer, ACS in the application.
I checked the issuer in SAML Authn request, it is matching the issuer configured in application.
The request is blocked with error message
FusionAuth is unable to complete this request due to an invalid tenant Id. This error is unexpected. Contact Support.
Can you please help with this error?
TIA
-
The worst part about the issue is - there is no event log even though debug is enabled in application SAML configuration.
-
I am able to debug the issue.
The SP was redirecting to /samlv2/login/9876d2-xyz-abc-pqr-123450e5b/idp/profile/SAML2/Redirect/SSO?SAMLRequest=
instead of /samlv2/login/9876d2-xyz-abc-pqr-123450e5b?SAMLRequest= as suggested in the IDP metadata.
Definitely the error message can be better.
I guess FusionAuth is trying to identify a tenant for "9876d2-xyz-abc-pqr-123450e5b/idp/profile/SAML2/Redirect/SSO" and failing to find a tenant.
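A pre-flight check for the mismatch described in this post, added here as an example (it is not code from the thread or from FusionAuth): it reads the SingleSignOnService Location for the HTTP-Redirect binding out of the IdP metadata and compares it with the URL the SP is actually configured to redirect to, flagging any extra path segments appended after the application id. The metadata fragment, the host idp.example.com and the sample SAMLRequest value are constructed; the application id is the one quoted in the thread.

```python
import re
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata fragment for illustration (not real FusionAuth output).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/samlv2/login/9876d2-xyz-abc-pqr-123450e5b"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# The login path carries the application id directly after /samlv2/login/;
# anything after that id is extra and will not be understood as an application id.
LOGIN_PATH = re.compile(r"^/samlv2/login/(?P<app_id>[^/?#]+)(?P<extra>/.*)?$")


def sso_location(metadata_xml, binding=REDIRECT_BINDING):
    """Return the SingleSignOnService Location for the given binding."""
    root = ET.fromstring(metadata_xml)
    for svc in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    raise ValueError("no SingleSignOnService for binding %s" % binding)


def check_sp_sso_url(sp_url, metadata_xml):
    """Compare the SP's configured SSO URL with the IdP metadata and explain any mismatch."""
    expected = sso_location(metadata_xml)
    exp, got = urlsplit(expected), urlsplit(sp_url)
    result = {"ok": False, "app_id": None, "extra_path": None, "expected": expected}
    if (got.scheme, got.netloc) != (exp.scheme, exp.netloc):
        result["reason"] = "scheme/host differs from metadata SingleSignOnService Location"
        return result
    m = LOGIN_PATH.match(got.path)
    if m is None:
        result["reason"] = "path is not a /samlv2/login/<applicationId> URL"
        return result
    result["app_id"] = m.group("app_id")
    result["extra_path"] = m.group("extra")
    if got.path != exp.path:
        result["reason"] = "path differs from metadata SingleSignOnService Location"
        return result
    result["ok"] = True
    result["reason"] = "matches metadata"
    return result


if __name__ == "__main__":
    wrong = ("https://idp.example.com/samlv2/login/9876d2-xyz-abc-pqr-123450e5b"
             "/idp/profile/SAML2/Redirect/SSO?SAMLRequest=constructed")
    print(check_sp_sso_url(wrong, IDP_METADATA))
```

Running the check against the URL the SP was using reports the application id that was parsed and the trailing `/idp/profile/SAML2/Redirect/SSO` segment that should not be there; once the SP's redirect URL matches the metadata Location exactly, the check returns ok.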
-
I'm glad you were able to debug the issue. This seems like a bug, but how did you fix it?
-
As of version 1.29.0, we've added a lot more SAML debugging. I'd be interested to know if anyone else runs into this issue and if the extra debugging helps resolve the issue more quickly.
Cheers!
Dan