Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

SSO Troubleshooting: Invalid SAML Response

Learn how to troubleshoot the Invalid SAML Response error

What This Error Means

During single sign‑on, you may see the following error message:

Invalid SAML Response. Not match the saml‑schema‑protocol‑2.0.xsd

This error means the SAML response returned by the identity provider is not formatted correctly and does not conform to the SAML 2.0 schema.

Why This Happens

This error typically occurs when:

  • The SAML response XML is malformed
  • Required elements are missing or in the wrong order
  • The response does not match the SAML 2.0 assertion schema

How to Troubleshoot the Issue

Follow the steps below to identify and correct the formatting issue.

  1. Capture the full SAML response

    • Use SAML Tracer or a similar browser‑based SAML inspection tool

  2. Open an XML schema validation tool

    • Example: https://www.freeformatter.com/xml-validator-xsd.html

  3. Paste the SAML response into the XML field

  4. Provide the SAML 2.0 assertion schema

    • Use the SAML 2.0 assertion XSD from:
      https://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
    • View the page source and copy the raw XSD text into the XSD field

  5. Run the validation check

    • Review the validation errors returned by the tool

  6. Correct the SAML response formatting

    • Update the identity provider configuration based on the specific errors identified

Once the SAML response conforms to the schema, retry the SSO login.