
"configuration_error" returned instead of IDP login page when SAML authentication enabled on WSS


Article ID: 242943




Cloud Secure Web Gateway - Cloud SWG


Users access internet sites through WSS using the WSS Agent.

Users authenticate using the SAML protocol, and authentication works as expected.

The SAML Identity Provider (IDP) administrator wants signed AuthnRequests for additional security, as WSS uses the POST/redirect bindings.

When the SAML IDP server is set up to require signed AuthnRequests, users receive a WSS 'configuration_error' instead of the expected IDP login page.

The SAML IDP server responds with a 'Responder' status because it expects a signed AuthnRequest.


SAML Authentication

Any IDP server that supports signed authentication requests


WSS did not support the signing of SAML AuthnRequests until the May 27, 2022 Portal update.


Two things are needed to accomplish this:


1. Enable the signing of SAML authentication requests in the Portal.

2. Export the WSS metadata and import it into the SAML IDP server for the WSS SAML SP.
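One way to confirm that both steps took effect, as an added example that is not part of the original article or of any Broadcom tooling: the script below checks whether a captured AuthnRequest carries a signature in either binding, and whether the exported SP metadata advertises signing. It checks presence only and does not validate the signature cryptographically; the function names, the `idp.example` and `sp.example` hosts, and all sample data are constructed assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # stdlib parser: use only on your own captures/metadata
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

def redirect_is_signed(url):
    """HTTP-Redirect: the signature travels as SigAlg + Signature query parameters."""
    q = parse_qs(urlsplit(url).query)
    raw = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15)  # raw DEFLATE
    if ET.fromstring(raw).tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("SAMLRequest is not an AuthnRequest")
    return "SigAlg" in q and "Signature" in q

def post_is_signed(form_value):
    """HTTP-POST: the signature is a ds:Signature child of the AuthnRequest."""
    return ET.fromstring(base64.b64decode(form_value)).find("ds:Signature", NS) is not None

def sp_metadata_advertises_signing(metadata_xml):
    """True if the SP metadata declares signed requests and lists a signing key."""
    sp = ET.fromstring(metadata_xml).find("md:SPSSODescriptor", NS)
    if sp is None:
        return False
    keys = [k for k in sp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    return sp.get("AuthnRequestsSigned") in ("true", "1") and bool(keys)

# --- Constructed sample data (not captured from WSS; signature values are placeholders) ---
AUTHN = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
         'ID="_constructed1" Version="2.0" IssueInstant="2022-06-01T00:00:00Z"/>')
SIGNED_AUTHN = AUTHN[:-2] + '><ds:Signature xmlns:ds="%s"/></samlp:AuthnRequest>' % NS["ds"]

def encode_redirect(xml, signed):
    c = zlib.compressobj(wbits=-15)
    params = {"SAMLRequest": base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()}
    if signed:
        params.update(SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                      Signature="Q09OU1RSVUNURUQ=")
    return "https://idp.example/sso?" + urlencode(params)

def encode_post(xml):
    return base64.b64encode(xml.encode()).decode()

METADATA = ('<md:EntityDescriptor xmlns:md="%s" entityID="https://sp.example">'
            '<md:SPSSODescriptor AuthnRequestsSigned="true" protocolSupportEnumeration="%s">'
            '<md:KeyDescriptor use="signing"/></md:SPSSODescriptor>'
            '</md:EntityDescriptor>' % (NS["md"], NS["samlp"]))
```

An unsigned result for a request sent to an IDP that requires signing matches the 'Responder' failure described above.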

Additional Information

The Portal has provided this option only since May 27, 2022.