
I am working on enabling SSO for our organization with Google.

I set up the Single Sign-On Configuration.

SAML Identity Type: Assertion contains the Federation ID from the User object

SAML Identity Location: Identity is in the NameIdentifier element of the Subject statement

Service Provider Initiated Request Binding:
HTTP POST

Below is the error I continue to receive. How can I better debug this to understand whether or not this is a Salesforce or Google issue?

Domain with Error Message: https://company.my.salesforce.com/_nc_external/identity/saml/SamlError


 <saml2p:StatusMessage>Invalid request, ACS Url in request https://company.my.salesforce.com?sc=0LE4x000000LRkV doesn't match configured ACS Url https://company.my.salesforce.com?so=00D4x000003wk2I.</saml2p:StatusMessage> 

1 Answer

Inside the Single Sign On setup you have created, there is a button called "SAML Assertion Validator" that should give you more detail on where it failed.

Btw, since you are using Google, have you considered using Auth Providers? https://help.salesforce.com/articleView?id=sf.sso_provider_sfdc.htm&type=5

  • Yes, I cannot get that one to work either. SSO has been a bit of a nightmare for me so far! I have no idea how to use the SAML Assertion Validator: "Enter your SAML response in base64-encoded, deflated and base64-encoded, or plain XML format into the field below, and click Validate." Commented Mar 7, 2021 at 3:48
  • Another way I would tackle this is to download a Chrome plugin named 'SAML-Tracer' that should also give you a good idea on where it fails. Commented Mar 7, 2021 at 3:55
  • <saml2p:StatusMessage>Invalid request, ACS Url in request company.my.salesforce.com?sc=0LE4x000000LRkV doesn't match configured ACS Url company.my.salesforce.com?so=00D4x000003wk2I.</…> Commented Mar 7, 2021 at 3:55
  • Ah ok, check your configuration in Google, and update the Entity Id to match what you put in the Single Sign On setup. Commented Mar 7, 2021 at 4:08
  • Our Entity ID for the single sign-on is: includedhealth.my.salesforce.com. Do I need to copy this and paste this somewhere in Google? Commented Mar 7, 2021 at 4:13
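An added example, not part of the original answer or comments: a small Python helper that decodes a captured SAML message in any of the three formats the validator prompt lists (plain XML, base64, deflated then base64) and compares the request's `AssertionConsumerServiceURL` with the ACS URL configured at the identity provider. The sample request is constructed; its `ID`, `Destination` and `Issuer` values are placeholders, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample AuthnRequest. The ACS URL is the one from the error
# message above; the ID, Destination and Issuer are made-up placeholders.
SAMPLE_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed1" Version="2.0" IssueInstant="2021-03-07T03:40:00Z" '
    'Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL='
    '"https://company.my.salesforce.com?sc=0LE4x000000LRkV">'
    '<saml:Issuer>https://company.my.salesforce.com</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

def decode_saml(message: str) -> ET.Element:
    """Parse plain XML, base64, or deflated-then-base64 SAML text."""
    text = message.strip()
    if text.startswith("<"):
        return ET.fromstring(text)
    raw = base64.b64decode(text)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # raw DEFLATE, no zlib header
    return ET.fromstring(raw)

def summarize(root: ET.Element) -> dict:
    """Pull out the fields that matter for an ACS URL mismatch."""
    issuer = root.find(f"{{{SAML}}}Issuer")
    status = root.find(f".//{{{SAMLP}}}StatusMessage")
    return {
        "type": root.tag.split("}")[-1],
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "status_message": status.text if status is not None else None,
    }

def acs_matches(message: str, configured_acs: str) -> bool:
    """True if the request's ACS URL equals the one configured at the IdP."""
    return summarize(decode_saml(message))["acs_url"] == configured_acs

if __name__ == "__main__":
    configured = "https://company.my.salesforce.com?so=00D4x000003wk2I"
    print(summarize(decode_saml(SAMPLE_REQUEST)))
    print("ACS URL matches IdP config:", acs_matches(SAMPLE_REQUEST, configured))
```

Feed it the SAMLRequest or SAMLResponse value captured with a tool such as SAML-Tracer; a value taken from a redirect URL must be URL-decoded first.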
