Error when testing SAML connection -

Question

We are getting an error when we test our SAML connection:

SAML 2.0 based Single Sign-On

Error when processing authentication request!

Please try login again!

When using tools to get a more detailed response we get:

ALERT: Invalid Assertion Consumer URL value 'https://www.lucidchart.com/saml/sso/macalester.edu' in the AuthnRequest message from the issuer 'lucidchart.com'. Possibly an attempt for a spoofing attack

From our metadata.xml:

<md:AssertionConsumerService isDefault="true" Binding="urn:oasis:namesSAML:2.0:bindings:HTTP-POST" Location="https://admin.lucid.app/saml/sso/macalester.edu" index="0" />

How can we fix this?

Hannah · Accepted Answer

Hi @ajohns34!Thank you for posting in the Lucid Community!Can you ensure that your Primary Assertion Consumer URL value matches the following format in both your IDP and your Lucid Admin Panel? https://lucid.app/saml/sso/<yourdomain>. Here is our documentation on configuring SAML for your Account, I suggest reviewing your SAML configuration against the requirements from this article and testing once more.Please let me know if this issue persists, I’m happy to help!

Ambar D · Answer

Update to this post 🚨 As of February 23, 2025, Lucid’s Oldest SAML certificate expired, if your IDP (Okta, Azure, etc) was set up prior to September 1, 2021, the admin of your identity provider will need to update your certificate for sign-in.

Check out this post for more information on how to replace this certification.

If you're not responsible for managing your identity provider, please send this post to your Admin or IT team so they can replace this certification.

SAML 2.0 based Single Sign-On

Reply

Create an account in the community

Log in to the community

Scanning file for viruses.

This file cannot be downloaded