Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Alteryx Server Knowledge Base

Definitive answers from Server experts.

Exception thrown when asserting SAML response from IDP

michaeljp
Alteryx
Alteryx
Created

Error: “Exception thrown when asserting SAML response from IDP”

 

Environment Details

 
  • After Alteryx Server upgrade to 2022.3 SAML authentication fails with Please sign on page being presented.
  • affects SAML method Metadata URL or x509 certificate
 
Exception thrown when asserting SAML response from IdP.,"Sustainsys.Saml2.Exceptions.Saml2ResponseFailedValidationException: Expected message to contain InResponseTo ""idef837223a1194c93bede7922a0efeec3"", but found none. If this error occurs due to the Idp not setting InResponseTo according to the SAML2 specification, this check can be disabled by setting the IgnoreMissingInResponseTo compatibility flag to true.->   at Sustainsys.Saml2.Saml2P.Saml2Response.ReadAndValidateInResponseTo(XmlElement xml, Saml2Id expectedInResponseTo, IOptions options)->  


 
  • Alteryx Server 
    • Version(s) 2022.3
  • Okta


Cause

 

Alteryx is failing to pass "InResponseTo"



Diagnosis

 
  • Log error matched in file at %ProgramData%\Alteryx\Logs\alteryx-sso-YYYYMMMDD.csv
  • Login attempt when SAMLL using Okta (with either x509 or Metadata URL) will generate same log error and UI experience.
 

Resolution

 

Solution A 

  1. After sign in attempt the URL landing will result in https://{FQDN}/gallery/#!sso/%FisUnauthorized%3Dtrue which presents the Please sign in page
  2.  Access Server directly at {FQDN}/gallery/ and click Sign In button
 

Solution B 

 
  1. Patch (TBD) see defect report GCSE-1178


image.pngimage.png

Additional Resources