DocuSign SSO - AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

Charles Lopez 0 Reputation points
2023-10-26T05:59:50.5566667+00:00

Hi Team!

I've been trying to sort out the SSO login for DocuSign for our organization but I always get to the point where I get two different errors when testing the login.

First is this:

Request Id: 878f4035-8235-43f5-accb-323ae39e2700

Correlation Id: 18d00f05-5c8e-4924-8d69-8f6e89f84ed5

Timestamp: 2023-10-26T05:45:33Z

Message: AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

and the other error I'm getting is:

Request Id: 7ec007a8-8437-40da-a83f-0f5149b62200

Correlation Id: c4f73925-1bb1-4fc4-8ca0-49f87f50a102

Timestamp: 2023-10-26T05:58:02Z

Message: AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 016bbcdb-ce91-4dff-a3f6-81e4e51129af.

We are currently being forced to use the SSO login instead of getting prompted to choose between "Use company login" or "Use Other Login Options" to authenticate.


Any help is greatly appreciated.

Best regards,

Ray

Microsoft Entra ID

1 answer

  1. Sandeep G-MSFT 11,171 Reputation points Microsoft Employee
    2023-10-27T04:25:57.8033333+00:00

    @Charles Lopez

    Thank you for posting your question in Microsoft Q&A.

    By looking at the error that you get, it looks like there is a configuration issue.

    For error "AADSTS750054", this is caused when Azure AD wasn’t able to identify the SAML request within the URL parameters in the HTTP request. This can happen if the application is not using HTTP redirect binding when sending the SAML request to Azure AD.

    This error can occur for one of the reasons below:

    • Ensure that single-sign on is enabled on the application side.
    • The application must support service provider-initiated single sign-on (sometimes known as SP-initiated SSO). Entering a sign-in URL for an application that only supports identity provider-initiated single sign-on can lead to a bounce back from the application without a SAML response.
    • Verify that the sign-on URL is correctly configured.

    You can also refer to below document,

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts750054-saml-request-not-present

    Error "AADSTS650056" occurs when the proper permissions are not set on the application. You can check the options below and confirm that these are configured properly.

    • Check the Redirect URI configuration: Verify that the redirect URI specified in your application's Azure AD registration matches the one in your application code. The redirect URI is used to redirect the user back to your application after they sign in to Azure AD.
    • Check the client ID configuration: Verify that the client ID specified in your application's code matches the one in your Azure AD registration. The client ID is used to identify your application to Azure AD.
    • Verify the app has necessary permissions: Check that the necessary permissions are granted to your application. You can do this by checking the "API Permissions" section in your application's Azure AD registration.
    • Verify the app is enabled: Check that your application is enabled in Azure AD. You can do this by checking the "Enterprise Applications" section in the Azure AD portal.
    • Check the token signing certificate: If your application is using tokens, verify that the signing certificate is properly configured in Azure AD. You can do this by checking the "Certificates & Secrets" section in your application's Azure AD registration.
    • Check the authentication method: Verify that the authentication method used by your application matches the one specified in Azure AD. For example, if your application is using OpenID Connect, verify that it is configured in Azure AD to use OpenID Connect.
    • Check for conditional access policies: Verify if there is any conditional access policy in place that might be blocking your application from accessing Azure AD resources.
    • Ensure that the Issuer attribute in the SAML request matches the Identifier value configured in Azure AD.

    Verify that the value in the Identifier textbox matches the identifier value displayed in the error.

    You can also refer to the article below to get more information on this issue.

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts650056-misconfigured-app

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
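The two errors in the answer above map to two concrete things an identity provider checks on the wire: for the HTTP-Redirect binding, the request must arrive as a `SAMLRequest` (or `SAMLResponse`) query-string parameter carrying a DEFLATE-compressed, base64-encoded XML document (otherwise AADSTS750054), and the `<saml:Issuer>` inside that document must equal the Identifier (Entity ID) configured on the enterprise application (otherwise the Identifier mismatch case of AADSTS650056). The following is an added example, not code from the original post, from DocuSign, or from Microsoft; it builds a minimal SP-initiated AuthnRequest the way the Redirect binding specifies, and then checks a redirect URL for exactly those two conditions. The tenant ID, Entity ID and ACS URL are hypothetical placeholders, and the endpoint path `/saml2` under `login.microsoftonline.com` is the tenant SAML endpoint Entra ID exposes for that tenant.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values for the example (not taken from the original post).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
ENTRA_SAML_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/saml2"
SP_ENTITY_ID = "https://sp.example.test/metadata"    # the "Identifier (Entity ID)" in Entra ID
SP_ACS_URL = "https://sp.example.test/acs"           # the "Reply URL" in Entra ID

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(issuer, acs_url, request_id="_example-request-1",
                        instant="2023-10-26T05:45:33Z"):
    """Minimal SP-initiated AuthnRequest; the Issuer is what Entra ID matches
    against the configured Identifier."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{instant}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"</samlp:AuthnRequest>"
    )


def redirect_encode(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(raw).decode("ascii")


def redirect_decode(value):
    """Inverse of redirect_encode: base64-decode, then raw-inflate (wbits=-15)."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def build_redirect_url(idp_endpoint, xml_text, relay_state=None):
    """What a correctly configured SP sends the browser to for SP-initiated SSO.
    urlencode percent-encodes the base64 '+', '/' and '=' characters."""
    params = {"SAMLRequest": redirect_encode(xml_text)}
    if relay_state:
        params["RelayState"] = relay_state
    return f"{idp_endpoint}?{urlencode(params)}"


def check_redirect_url(url, expected_issuer):
    """Return (ok, reason) for a URL the browser is about to send to the IdP.
    The two failure reasons correspond to the conditions behind the errors
    discussed above."""
    qs = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in qs and "SAMLResponse" not in qs:
        return False, "no SAMLRequest/SAMLResponse query parameter (AADSTS750054 condition)"
    if "SAMLRequest" in qs:
        root = ET.fromstring(redirect_decode(qs["SAMLRequest"][0]))
        issuer_el = root.find(f"{{{SAML}}}Issuer")
        issuer = issuer_el.text if issuer_el is not None else None
        if issuer != expected_issuer:
            return False, (f"Issuer {issuer!r} does not match configured Identifier "
                           f"{expected_issuer!r} (AADSTS650056 condition)")
    return True, "ok"


if __name__ == "__main__":
    good = build_redirect_url(ENTRA_SAML_ENDPOINT,
                              build_authn_request(SP_ENTITY_ID, SP_ACS_URL))
    print(check_redirect_url(good, SP_ENTITY_ID))
    # A bare visit to the IdP endpoint (no SAMLRequest) is the AADSTS750054 case.
    print(check_redirect_url(ENTRA_SAML_ENDPOINT, SP_ENTITY_ID))
    # An Issuer that differs from the configured Identifier is the AADSTS650056 case.
    wrong = build_redirect_url(ENTRA_SAML_ENDPOINT,
                               build_authn_request("https://other.example.test/", SP_ACS_URL))
    print(check_redirect_url(wrong, SP_ENTITY_ID))
```

To use this against a real failing login, capture the URL the application redirects the browser to (browser developer tools, network tab, the request to `login.microsoftonline.com`) and pass it to `check_redirect_url` together with the Identifier shown under Basic SAML Configuration for the enterprise application. A redirect that lands on the tenant SAML endpoint with no `SAMLRequest` at all usually means the application's configured sign-on URL points at the IdP directly instead of at the SP's own SSO start page, which matches the "sign-on URL" and "SP-initiated SSO" items in the answer.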