Problem Connecting Azure AD SSO to DOMO

Ashutosh Joshi 1 Reputation point
2021-09-21T16:56:12.927+00:00

Hello,
I'm configuring Azure AD SSO to DOMO for our organization and it is showing this error from Azure:

AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.
See resolution steps below.

Root cause: Azure AD wasn’t able to identify the SAML request within the URL parameters in the HTTP request. This can happen if the application is not using HTTP Redirect Binding for sending the SAML request to Azure AD.

Resolution: The application needs to send the SAML request encoded into the location header using HTTP Redirect Binding. For more information about how to implement this, read the section HTTP Redirect Binding in the SAML protocol specification document.

If you're the admin configuring single sign-on, verify:
The application supports service provider-initiated SSO and single sign-on is enabled on the application side.
Verify the sign-on URL https://ensurem.domo.com is configured.

Currently, the application Domo is not sending a SAML request to Azure AD in the redirection from the application sign-in page to Azure AD sign-in page.
Screenshot:

134018-azure-sso-error-to-domo.png

I checked the configuration a couple of times and the problem is still occurring.
Let me know your thoughts about the issue.

Thanks and regards
Ashutosh

2 answers

  1. Siva-kumar-selvaraj 15,601 Reputation points
    2021-09-22T11:23:45.187+00:00

    Hello @Ashutosh Joshi ,

    Thanks for reaching out.

    It seems your application is using an incorrect HTTP binding to send the SAMLP request to Azure AD for authentication.

    It should be the HTTP Redirect binding as per the OASIS Standard; this defines a mechanism by which SAML protocol messages can be transmitted within URL parameters, as shown:

    Example:

    HTTP 302 Redirection call to https://login.windows.net/12345bf-812f1-12af-12ab-4d9cd088db56/saml2?SAMLRequest=fZDLboMwFER/BXmPQ0yqlCtAQiBVqO8kqtrsLGo1VMY2vhfR5uvrJpt00/2cOZrJUQ7aQTXRwWzUOCmk6EV57K0pmOAJi9qmYOPxdTdmPK7Tt5tD8/y+EfGjONaf+4/bEECcVGuQpKHAJGIZJ1ksxC7JYLWGVcrXV9d7Fn0N2iCcfAWbvAErsUcwclAI1MG2ur+DoATnLdnOalbmv2k4CfwF/z8uEZWnMICV8zxzCpOkc0uR8s4O+eKi8tzv4CF0tM2T1X33HVVa27n2SpIqGPlJsUV5pv7eVP4A&RelayState=I8c5EnxYvZS2UeQrX8OJcE8S43AmiZ

    Note: If you look at the above URL, you can see SAMLRequest as part of the URL parameters.

    Alternatively, more complex message content can be sent using the HTTP POST or Artifact bindings. To learn more about the HTTP Redirect binding, see Section 3.4.

    In this scenario, I would recommend that you collect an HTTP trace to verify whether the application is sending the SAML request with the HTTP Redirect binding, using either SAML-Tracer or Fiddler Tracer, so you would see a trace similar to the one below:

    134237-image.png

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

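Added example (not part of the answer above, and not Microsoft's or Domo's code): a small Python check that takes a redirect URL copied from an HTTP trace and reports whether it carries a `SAMLRequest` query parameter that decodes under the HTTP Redirect binding (base64, then raw DEFLATE, then XML). The function names, the hosts `idp.example.com` and `sp.example.com`, and the sample request are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

MAX_XML = 64 * 1024  # cap on inflated size, so a hostile trace cannot exhaust memory

def encode_redirect(xml_text):
    """Raw DEFLATE then base64: the Redirect binding's message encoding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def inspect_redirect(url):
    """Report whether a captured redirect URL carries a decodable SAML message."""
    params = parse_qs(urlsplit(url).query)
    name = next((n for n in ("SAMLRequest", "SAMLResponse") if n in params), None)
    if name is None:
        return {"ok": False, "reason": "no SAMLRequest or SAMLResponse in query string"}
    try:
        # parse_qs turns an unescaped '+' into a space; undo that before decoding
        raw = base64.b64decode(params[name][0].replace(" ", "+"), validate=True)
        inflater = zlib.decompressobj(-15)
        xml_bytes = inflater.decompress(raw, MAX_XML)
        if inflater.unconsumed_tail:
            raise ValueError("inflated message exceeds size cap")
        # ElementTree does not fetch external entities; use defusedxml for untrusted traces
        root = ET.fromstring(xml_bytes)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return {"ok": False, "reason": f"{name} present but not decodable: {exc}"}
    issuer = root.find("{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return {
        "ok": True,
        "parameter": name,
        "message": root.tag.rsplit("}", 1)[-1],
        "destination": root.get("Destination"),
        "issuer": issuer.text if issuer is not None else None,
        "relay_state": "RelayState" in params,
    }

# Constructed sample: a minimal AuthnRequest from a hypothetical SP (sp.example.com)
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" '
    'IssueInstant="2021-09-22T00:00:00Z" Destination="https://idp.example.com/saml2">'
    '<saml:Issuer>https://sp.example.com</saml:Issuer></samlp:AuthnRequest>'
)
GOOD_URL = "https://idp.example.com/saml2?" + urlencode(
    {"SAMLRequest": encode_redirect(SAMPLE_XML), "RelayState": "constructed-state"})
BAD_URL = "https://idp.example.com/saml2"  # redirect with no SAML parameter at all
print(inspect_redirect(GOOD_URL), inspect_redirect(BAD_URL), sep="\n")
```

A redirect that returns `ok: False` with the "no SAMLRequest" reason matches the condition the AADSTS750054 message describes: the application reached the sign-in endpoint without sending a SAML request in the query string.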

  2. Ashutosh Joshi 1 Reputation point
    2021-09-22T19:53:44.813+00:00

    Hey,

    Thanks for getting back to me so quickly. I checked with SAML-Tracer and you were right, I'm not getting any "HTTP redirect binding". No SAML request can be seen in the SAML tracer during the "TEST LOGIN". Any idea how I can resolve this issue?

    134424-saml-tracker.png