Assistance Required with SAML Authentication Issue


This is the third time trying to post this question. It gets marked as spam. This time I don't add as much log information, because it's probably this drawing the spam marker's attention.

We are encountering an issue configuring Canvas as a service provider for an IdP. Despite successful authentication from the IdP, Canvas is not processing the SAML response correctly, leading to authentication failures. 


Issue Description:

- Successful authentication response from the IdP, as indicated in the attached SAML trace logs.

- Canvas fails to process this response, resulting in authentication failure.


Here is the first relevant log from SAML-tracer, which is the response from the IdP indicating success:

POST https://xxx/acs/post




And here is the next request in the SAML trace saying authentication failed. 



Authentication failed. Error id


Here is the output from the debugging session inside of Canvas, also indicating that authentication failed:


Testing state:

Mottog LoginResponse från IdP

AuthnRequest sent to IdP

Request ID:


LoginRequest encoded URL:


LoginRequest XML sent to IdP:

Removed logs

AuthnResponse from IdP

IdP InResponseTo:


IdP LoginResponse destination:

Validation error:

response is not successful

Removed logs


Removed logs

Authentication failed. Error

Removed logs

User successfully logged into Canvas:


IdP LoginResponse encoded:


IdP LoginResponse encrypted:

Removed logs

Authentication failed. Error

Removed logs

IdP LoginResponse Decrypted:

Removed logs

Authentication failed. Error

Removed logs


Here is our SAML configuration from Canvas 


SAML Configuration:


IdP Metadata URI: https://xxx/md/swamid-idp.xml

IdP Entity ID: https://xxx/yyy

Log on URL: https://xxxx/yyyIDP/sso/redirect

Log out URL: (Not specified in the provided data)

Certificate Fingerprint: Removed logs

Strip Domain From Login Attribute Value: (Checkbox present, but state not specified in the provided data)

Identifier Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Authentication Context: (No value selected)

Message Signing: (Not Signed - Default option selected)

Just-in-time Provisioning: Enabled (Checkbox checked)


Federated Attributes:


display_name: urn:oid:2.16.840.1.113730.3.1.241

surname: urn:oid:

email: urn:oid:0.9.2342.19200300.100.1.3

sis_user_id: urn:oid:

given_name: urn:oid:


Could you please assist us in understanding why Canvas is failing to process a successful SAML response? 

  • Is there a specific attribute or configuration setting in Canvas that might be causing this issue?
  • Can you help identify why Canvas is unable to successfully process the successful SAML response from the IdP? 
  • Are there known issues or additional settings in Canvas that we should check when integrating with an IdP? Maybe there's a general setting "approve external IdP:s" or something?

Your insights on this matter would be greatly appreciated. Thank you for your assistance.



Thanks for your reply. The problem was actually with the IdP, even though it looked like all was well on that side. Thanks again.

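An IdP can deliver its response over HTTP without error and still report a failure inside the SAML message, which is what the debug fields above (validation error, InResponseTo, destination) describe. The following is an added example, not code from the original post or from Canvas: it decodes a base64 `SAMLResponse` form value as captured by SAML-tracer and reports the top-level and nested `StatusCode`, the `StatusMessage`, `InResponseTo` and `Destination`. The function name, the sample response, its IDs and the `sp.example.edu` URL are constructed, and it is an assumption that Canvas's "response is not successful" corresponds to a top-level status other than Success.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample (not the poster's data): HTTP delivery works, SAML status does not.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0" '
    'ID="_resp1" InResponseTo="_req1" Destination="https://sp.example.edu/login/saml">'
    '<samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>'
    '</samlp:StatusCode>'
    '<samlp:StatusMessage>constructed failure</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response, expected_request_id=None, expected_acs=None):
    """Diagnostic only: reads status fields from a trace you captured yourself.
    It verifies no signature and must not be used to accept a login."""
    root = ET.fromstring(base64.b64decode(b64_response))
    status = root.find("samlp:Status", NS)
    top = status.find("samlp:StatusCode", NS) if status is not None else None
    nested = top.find("samlp:StatusCode", NS) if top is not None else None
    message = status.find("samlp:StatusMessage", NS) if status is not None else None
    report = {
        "status": top.get("Value") if top is not None else None,
        "sub_status": nested.get("Value") if nested is not None else None,
        "message": message.text if message is not None else None,
        "in_response_to": root.get("InResponseTo"),
        "destination": root.get("Destination"),
        "problems": [],
    }
    if report["status"] != SUCCESS:
        report["problems"].append("top-level StatusCode is not Success")
    if expected_request_id and report["in_response_to"] != expected_request_id:
        report["problems"].append("InResponseTo does not match the AuthnRequest ID")
    if expected_acs and report["destination"] != expected_acs:
        report["problems"].append("Destination does not match the ACS URL")
    return report


if __name__ == "__main__":
    for key, value in inspect_saml_response(SAMPLE_B64, "_req1").items():
        print(f"{key}: {value}")
```

A non-empty `sub_status` or `message` is what to hand to the IdP operator, since those fields carry the IdP's own reason for the failure.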