How to fix "The InResponseTo attribute in Assertion is wrong" issue during SAML federation

Hi there,

I am trying to configure federation through SAML where ForgeRock Identity Cloud will act as the SP with an external IDP. We are passing all required attributes. We are using the SAML node in an authN journey, and we are getting the “The InResponseTo attribute in Assertion is wrong” error, and the call keeps refreshing without end. If anyone has had this issue, I need your help. Thanks in advance.

The issue seems to stem from a mismatch between the ID that the SP provided in its initial SAML2 AuthNRequest and the ID received in the response. Here are some steps you might consider to pinpoint and resolve the problem:

  • Test with a dummy IdP like SAMLTest.ID. This can help determine whether the discrepancy is originating from the SP or the IdP.
  • Clear your session and attempt again. This step can rule out any potential issues related to caching or sessions.
  • Examine the Status element in the SAML2 response. If it indicates an error, the IdP might be having trouble processing your request or with the authentication process itself.
  • Check the metadata configurations again for both SP and IDP.

Hi there,
I have checked the ID you mentioned. It seems the “ID” sent in the AuthnRequest from ForgeRock to the external IDP and the response “ID” are different. But the value of the request “ID” and the value of the response “InResponseTo” attribute are the same. I don’t know how to fix this issue. Please guide me if you can. Thanks in advance.
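
Added example (not part of any post in this thread, and not ForgeRock code): a small Python check for the comparison suggested in the reply and attempted in the follow-up. SAML 2.0 carries `InResponseTo` both on the `Response` element and on `SubjectConfirmationData` inside the Assertion, so the script compares each against the AuthnRequest `ID` and also reports the `Status` code. The two messages and all ID values are constructed samples; `check_correlation` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SCD_PATH = ".//saml:Assertion/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"

# Constructed sample messages (signatures, issuer and conditions omitted).
SAMPLE_REQUEST = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_req-123" Version="2.0"/>'
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp-999" InResponseTo="_req-123">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_assert-1"><saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req-OLD"/>
    </saml:SubjectConfirmation>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""

def check_correlation(request_xml, response_xml):
    """Return findings; an empty list means Status is Success and every InResponseTo matches."""
    request_id = ET.fromstring(request_xml).get("ID")
    resp = ET.fromstring(response_xml)
    findings = []
    status = resp.find("samlp:Status/samlp:StatusCode", NS)
    code = status.get("Value") if status is not None else None
    if code != SUCCESS:
        findings.append(f"Status: {code} (not Success)")
    # The Response's own ID is a fresh value chosen by the IdP; only InResponseTo is compared.
    if resp.get("InResponseTo") != request_id:
        findings.append(f"Response: InResponseTo={resp.get('InResponseTo')!r}, expected {request_id!r}")
    if resp.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("Assertion: encrypted, decrypt it before checking SubjectConfirmationData")
    # Each SubjectConfirmationData in the Assertion carries its own InResponseTo.
    for scd in resp.findall(SCD_PATH, NS):
        if scd.get("InResponseTo") != request_id:
            findings.append(f"SubjectConfirmationData: InResponseTo={scd.get('InResponseTo')!r}, expected {request_id!r}")
    return findings

if __name__ == "__main__":
    for line in check_correlation(SAMPLE_REQUEST, SAMPLE_RESPONSE) or ["all InResponseTo values match"]:
        print(line)
```

In the constructed sample the `Response`-level value matches the request while the one inside the Assertion does not, so only the `SubjectConfirmationData` finding is reported.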