How to Fix "AADSTS90121: Invalid empty request." in SAML SSO configuration.

Question

We are attempting to configure and enable an IdP-initiated SSO solution between a third party and our existing web application where the 3rd party application is the IdP. The third party vendor requested our ACS URL and Entity Id, which I proved from our Federation metadata document. Whenever we attempt to test it, we are getting the error "AADSTS90121: Invalid empty request." However, using dev tools we can see that the SAML request is in fact being sent. Can you provide any more information on how to troubleshoot the empty request error?

Answer 1

Hi @Eric Jones ,

Thanks for reaching out.

The error message "AADSTS90121: Invalid empty request" usually occurs when the SAML request is empty or incorrect required parameters.

Here the issue with the setup of the SAML application.

1. Check the SAML request: Make sure that the SAML request is not empty and contains all the required parameters. You can use a Fiddler trace to capture the SAML request and check its contents.
2. Check the SAML configuration: Verify that the SAML configuration in Azure AD matches the configuration in your SAML service provider. Make sure that the SAML endpoints, certificates, and other settings are correctly configured.
3. Check the SAML service provider logs: Check the logs of your SAML service provider to see if there are any errors or warnings related to the SAML request. This can help you identify the root cause of the issue. I would suggest you take Fiddler trace to take capture the request and match the request which has to be an application side URL. Could you please check with the third-party application value to setup the proper request URL for the SAML SSO setup.  Hope this will help. Thanks, Shweta

---

Please remember to "Accept Answer" if answer helped you.