InResponseTo attribute in SAML Response is missing

Issue:

Every SAML request has an ID, and every SAML response should return this ID in an attribute named InResponseTo. Most popular IdPs return it, and it is now required to be verified.

Response without InResponseTo:


Expected Response:



Solution:

If your custom IdP does not return this by default, it now needs to be included. Please ask your IdP admin to add this value to the SAML response by altering the IdP settings.
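The check described above, sketched as an added example (not code from this article or from the product): a service provider accepts a response only if its InResponseTo matches an ID it issued, and consumes that ID so the same response cannot be accepted twice. The function names, sample XML and request ID `_req42` are constructed for illustration; signature validation is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def make_response(in_response_to=None):
    """Build a constructed, unsigned sample Response (not real IdP output)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_resp1" Version="2.0"{attr}>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData{attr}/>'
        '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
        '</samlp:Response>')

def check_in_response_to(xml_text, outstanding_ids):
    """Return (accepted, reason). outstanding_ids is the set of AuthnRequest
    IDs the SP has sent and not yet seen answered; a match is consumed."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a SAML Response"
    irt = root.get("InResponseTo")
    if not irt:
        return False, "InResponseTo missing"
    if irt not in outstanding_ids:
        return False, "InResponseTo does not match an outstanding request"
    # If the assertion repeats the value, it must agree with the Response.
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        inner = scd.get("InResponseTo")
        if inner is not None and inner != irt:
            return False, "SubjectConfirmationData InResponseTo mismatch"
    outstanding_ids.discard(irt)  # single use: a replayed response now fails
    return True, "ok"

if __name__ == "__main__":
    pending = {"_req42"}  # ID of the AuthnRequest the SP just sent (constructed)
    for label, xml in [("without InResponseTo", make_response()),
                       ("expected response", make_response("_req42")),
                       ("same response replayed", make_response("_req42"))]:
        print(label, "->", check_in_response_to(xml, pending))
```
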

