Hello @Ben L,
Thank you for posting your query on Microsoft Q&A.
It appears you are trying to configure the SAML Toolkit tutorial application in your tenant to test the SP-initiated sign-on flow by following the document below:
Microsoft Entra SAML Toolkit SSO Configuration
When attempting to register a new user, you encountered an error message: "An error occurred while processing your request." I've attached a screenshot for reference.
I attempted to create the same application in my tenant to determine whether the issue lies with the application or the configuration. I found that the problem is with the application itself. The SAML configuration option, which should be available on the registration page, is missing.
As per the document, we need to configure SAML on the registration page by pasting the Entra URLs on the application side. However, since the SAML configuration option is currently unavailable, the error occurs.
I've informed my internal team to investigate this issue, but it may take a few days to resolve. In the meantime, to test SAML SSO with SP-initiated sign-on, I recommend using another sample test application.
Here are the steps to configure an alternative test application while the SAML Toolkit issue is being addressed:
Create a non-gallery application in Enterprise applications and give it a name.
Once the application is created, go to Single Sign-On, select SAML, and enter the following URLs in the Entity ID and Reply URL fields:
- Identifier (Entity ID): IAMShowcase
- Reply URL (Assertion Consumer Service URL): https://sptest.iamshowcase.com/acs
After saving, download the Federation Metadata XML from the SAML certificates section and save it to your local device. This XML file will need to be uploaded on the application side.
Once the above steps are completed, open a new tab and access https://sptest.iamshowcase.com/. Click on "Instructions" and select "SP Initiated SSO."
Upload the XML metadata file by clicking on "Choose File" and submit it.
Next, go back to your Enterprise applications, select the application, and click on "Test this application." You should now be able to authenticate with the application and receive the decoded SAML response after authentication is complete.
This is how you can test the SP-initiated sign-on flow.
Note: This is a third-party test application.
Hope this includes all the information that you were looking for.
Thanks,
Raja Pothuraju.
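As an added example (not part of the answer above, nor code from Microsoft or the test application): a Python check that the SAML response returned in this test matches the Identifier and Reply URL entered in the steps, and that it carries `InResponseTo`, which is what marks it as the reply to an SP-initiated request. The function names, the base64 input form and the sample response are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "IAMShowcase"                    # Identifier (Entity ID) from the steps
EXPECTED_ACS = "https://sptest.iamshowcase.com/acs"  # Reply URL from the steps

def check_saml_response(b64_response, request_id=None):
    """List configuration mismatches; does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("status is not Success")
    if root.get("Destination") != EXPECTED_ACS:
        problems.append("Destination differs from the Reply URL")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        problems.append("no InResponseTo: unsolicited (IdP-initiated) response")
    elif request_id is not None and in_response_to != request_id:
        problems.append("InResponseTo does not match the AuthnRequest ID")
    audiences = [e.text for e in root.findall(".//a:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience differs from the Identifier (Entity ID)")
    recipients = [e.get("Recipient")
                  for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if EXPECTED_ACS not in recipients:
        problems.append("Recipient differs from the Reply URL")
    return problems

def sample_response(in_response_to="_req1", audience=EXPECTED_AUDIENCE):
    """Constructed, unsigned sample response with placeholder IDs."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}" '
        f'ID="_resp1" Version="2.0" Destination="{EXPECTED_ACS}"{irt}>'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{EXPECTED_ACS}"{irt}/>'
        '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
        '</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response()))
```

An empty list means the response lines up with the values configured in Entra; signature and certificate validation remain the service provider's job and are outside this check.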