ZITADEL, 10mo ago
vf-tyler

SAML Application XML Error: "failed to find registered serviceprovider"

I have a ZITADEL Application within a Project configured with SAML authentication and I am attempting to start the login process using https://<ZITADEL-DOMAIN>/saml/v2/SSO. I am using the saml2-js (https://www.npmjs.com/package/saml2-js) library to generate the XML requests and this is the XML it sends as the SAMLRequest query parameter (deflated and base64-encoded in reality). All instances of the ZITADEL domain have been replaced with <ZITADEL-DOMAIN> for the sake of sharing.
<?xml version="1.0"?>
<AuthnRequest
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0"
    ID="_4d3cdb03fbfe470b1c0c9968587de81b2dc92d93c2"
    IssueInstant="2024-08-15T17:26:18.024Z"
    Destination="https://<ZITADEL-DOMAIN>/saml/v2/SSO"
    AssertionConsumerServiceURL="http://localhost:3000/api/auth/signin/sana-saml"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://<ZITADEL-DOMAIN>/saml/v2/metadata</saml:Issuer>
  <NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" AllowCreate="true"/>
</AuthnRequest>
6 Replies
vf-tyler (OP), 10mo ago
Once I am redirected to https://<ZITADEL-DOMAIN>/saml/v2/SSO?SAMLRequest=<BASE64-XML>, I receive this XML response:
<?xml version="1.0" encoding="UTF-8"?>
<Response
    xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_6ce986e5-7857-4753-8716-5dabbd7f586d"
    InResponseTo="_3baf755af48a32e1588e2a5887133633b8c4fe4a9b"
    Version="2.0"
    IssueInstant="2024-08-15T17:49:52.718Z">
  <Issuer
      xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://<ZITADEL-DOMAIN>/saml/v2/metadata
  </Issuer>
  <Status
      xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <StatusCode
        xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
        Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied">
    </StatusCode>
    <StatusMessage>failed to find registered serviceprovider: ID=QUERY-d6TO1 Message=Errors.App.NotExisting Parent=(sql: no rows in result set)</StatusMessage>
  </Status>
  <Assertion
      xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Version="" ID="" IssueInstant="">
    <Issuer
        xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    </Issuer>
  </Assertion>
</Response>
As you can see, the <StatusMessage> is "failed to find registered serviceprovider". Do you know why I would be receiving this message and how I can register the service provider?
vf-tyler (OP), 10mo ago
@FFO Thank you for the response. Any insights would be appreciated @stebenz
vf-tyler (OP), 10mo ago
@stebenz Yes, I definitely misunderstood how this should be configured (still getting familiar with SAML). Switching the Service Provider has resolved this issue. Thank you!
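
The request posted above names ZITADEL's own metadata URL as its Issuer (the same value the error response carries as the IdP's Issuer), whereas an AuthnRequest's Issuer identifies the service provider. The following is an added example, not part of the thread and not saml2-js or ZITADEL code: it decodes a redirect-binding SAMLRequest parameter and flags that mismatch before the request is sent. The example.test hosts, entity IDs and all function names are assumptions.

```javascript
const zlib = require('zlib');

// HTTP-Redirect binding encoding: XML -> raw DEFLATE -> base64 -> URL-encoding.
function encodeSamlRequest(xml) {
  const deflated = zlib.deflateRawSync(Buffer.from(xml, 'utf8'));
  return encodeURIComponent(deflated.toString('base64'));
}

// Reverse of the above; the output cap guards against oversized inflated input.
function decodeSamlRequest(param) {
  const raw = Buffer.from(decodeURIComponent(param), 'base64');
  return zlib.inflateRawSync(raw, { maxOutputLength: 64 * 1024 }).toString('utf8');
}

// Diagnostic extraction only (regex, not a full XML parser).
function inspectAuthnRequest(xml, idpEntityId, registeredSpEntityIds) {
  const issuer = (xml.match(/<(?:\w+:)?Issuer[^>]*>\s*([^<]*?)\s*<\//) || [])[1] || null;
  const acsUrl = (xml.match(/AssertionConsumerServiceURL="([^"]*)"/) || [])[1] || null;
  const problems = [];
  if (!issuer) {
    problems.push('AuthnRequest has no Issuer');
  } else if (issuer === idpEntityId) {
    problems.push('Issuer is the IdP entity ID, not the SP entity ID');
  } else if (!registeredSpEntityIds.includes(issuer)) {
    problems.push('Issuer is not a registered SP entity ID');
  }
  return { issuer, acsUrl, problems };
}

// Constructed sample values (assumptions, not taken from the thread).
const IDP_ENTITY_ID = 'https://idp.example.test/saml/v2/metadata';
const SP_ENTITY_ID = 'https://sp.example.test/saml/metadata';

function buildRequest(issuer) {
  return '<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ' +
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ' +
    'Destination="https://idp.example.test/saml/v2/SSO" ' +
    'AssertionConsumerServiceURL="http://localhost:3000/acs">' +
    `<saml:Issuer>${issuer}</saml:Issuer></AuthnRequest>`;
}

function checkParam(param) {
  return inspectAuthnRequest(decodeSamlRequest(param), IDP_ENTITY_ID, [SP_ENTITY_ID]);
}

console.log(checkParam(encodeSamlRequest(buildRequest(IDP_ENTITY_ID))).problems);
console.log(checkParam(encodeSamlRequest(buildRequest(SP_ENTITY_ID))).problems);
```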