SAML error with Kubernetes: 'InResponseToField of the Response doesn't correspond to sent message'

Hi everyone,

I am having a recurring issue with shinyproxy (currently 2.5.0) hosted within a kubernetes cluster (currenty a single node). I’m using Auth0 with SAML. Traffic goes through a Nginx ingress controller that does TLS termination and has a fairly basic configuration. What I don’t understand is that I will get the following error, but only once in a while. If I try to login, I will get the error, but then after that, if I go back to the login page and try to log in again, everything works fine.  : AuthNResponse;FAILURE;[Auth0 URN];;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a12g399012cidi7i2i3ha3ha4h6e6jc

This made me think of a cookies problem, however adjusting the shinyproxy server/proxy configuration for cookies did not change anything. Shinyproxy configuration has:

  secure-cookies: true
  same-site-cookie: None

In the browser when I try to log in I get the following error message:

Status code: 200

Message: Error validating SAML message

Stack Trace: Error validating SAML message

Anyone has an idea of what I am missing? I would really appreciate it! Thank you!

1 Like

similar issue here, but on shinyproxy-docker with AzureAD with SAML.