apokalipto / devise_saml_authenticatable

Devise SAML 2.0 authentication strategy
MIT License

Using this for an IdP initiated sign in #155

Open amitej1 opened 4 years ago

amitej1 commented 4 years ago

How can we use this gem for IdP-initiated sign-in? From my understanding, we should call the ACS URL directly, which would have the SAMLResponse. But when we tried to do that, it threw an error: saml: Auth errors: Invalid SAML Response. Not match the saml-schema-protocol-2.0.xsd

Any pointers?

adamstegman commented 4 years ago

Yes, your IdP should send you to the ACS URL along with a SAML response. It looks like the response your IdP is sending doesn't conform to the expected protocol. The ruby-saml gem does the validation that's failing here. It also looks like the schema is hard-coded, so it's not a matter of choosing a different one.

I would suggest you inspect the SAML response from your IdP (you could do that by adding a logging statement to the strategy), and see if you can spot the error, or send it to your IdP to have them figure out why it's invalid.
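As an added example (not code from the gem, from ruby-saml, or from either commenter), here is a stdlib-only Ruby helper that does what the reply suggests: it decodes the POSTed SAMLResponse and reports the parts the samlp schema check cares about, so you can log them from the strategy before ruby-saml rejects the message. The sample responses, the entity IDs and the `/users/saml/auth` ACS path are constructed for this example.

```ruby
require "base64"
require "rexml/document"

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS  = "urn:oasis:names:tc:SAML:2.0:assertion"

# Decode the SAMLResponse form parameter (HTTP-POST binding: plain Base64,
# not deflated) and summarise the parts the samlp schema check cares about.
# Log the returned hash from the strategy to see what the IdP really posted.
def inspect_saml_response(encoded)
  xml = Base64.decode64(encoded.to_s).force_encoding(Encoding::UTF_8)
  doc = REXML::Document.new(xml)
  root = doc.root
  return { root_ok: false, error: "empty or non-XML payload" } if root.nil?

  ns = { "p" => SAMLP_NS, "s" => SAML_NS }
  status = REXML::XPath.first(doc, "/p:Response/p:Status/p:StatusCode", ns)
  issuer = REXML::XPath.first(doc, "/p:Response/s:Issuer", ns)
  {
    root_name: root.name,
    root_namespace: root.namespace,
    # The protocol schema requires a samlp:Response root at the ACS URL; a bare
    # saml:Assertion or a wrong namespace fails just as the issue describes.
    root_ok: root.name == "Response" && root.namespace == SAMLP_NS,
    version: root.attributes["Version"],
    destination: root.attributes["Destination"],
    issuer: issuer ? issuer.text.to_s.strip : nil,
    status: status ? status.attributes["Value"] : nil,
    assertions: REXML::XPath.match(doc, "//s:Assertion", ns).size
  }
rescue REXML::ParseException => e
  { root_ok: false, error: "malformed XML: #{e.message.lines.first.to_s.strip}" }
end

# Constructed sample: a minimal unsigned IdP-initiated Response. The ACS path
# and entity IDs are made up for this example.
GOOD_RESPONSE = Base64.strict_encode64(<<~XML)
  <samlp:Response xmlns:samlp="#{SAMLP_NS}" xmlns:saml="#{SAML_NS}"
      ID="_r1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z"
      Destination="https://sp.example.com/users/saml/auth">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
    <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
      <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    </saml:Assertion>
  </samlp:Response>
XML

# Constructed sample of a common mistake: the IdP posts a bare Assertion.
BARE_ASSERTION = Base64.strict_encode64(%(<saml:Assertion xmlns:saml="#{SAML_NS}" ID="_a2" Version="2.0"/>))
```

Compare `destination` against your configured ACS URL and `root_ok` against the schema failure; if the summary already looks wrong, the fix is on the IdP side.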