Dec 03, 2021

SAML assertion is invalid



I am trying to configure SAML with Keycloak and APM.


I am correctly redirected to the login page of Keycloak, but when I come back to the F5 my session is denied.


When I check on logs I can see "SAML assertion is invalid, error: Id of InResponseTo should match id of authentication request".


Does anyone have an idea why I get this message?


Thanks in advance, all!


  • Hi Anthony,


    Have you got SAML tracer available by any chance? ( - also available for Firefox)

    That should give you insight into what the exact message is that you're getting back from Keycloak. Have a look specifically at the "InResponseTo=" field in the response and compare it with the "ID=" field in the original request from the F5 to Keycloak.


    There may be some more useful information here;


    Hope this helps.
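The comparison suggested in the reply above can also be scripted. This is an added example, not part of the original thread and not F5 or Keycloak code: it decodes a `SAMLRequest` (HTTP-Redirect binding) and a `SAMLResponse` (HTTP-POST binding) and compares the request `ID` with every `InResponseTo` it finds. The function names and sample messages are constructed for illustration, and the script does not verify signatures.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_redirect(param):
    """SAMLRequest from an HTTP-Redirect URL: URL-encoded, base64, raw DEFLATE."""
    return zlib.decompress(base64.b64decode(unquote(param)), -15)

def decode_post(param):
    """SAMLResponse from an HTTP-POST form field: base64 only."""
    return base64.b64decode(param)

def compare_ids(request_xml, response_xml):
    """Return (request ID, {location: InResponseTo}, mismatching locations)."""
    rid = ET.fromstring(request_xml).get("ID")
    resp = ET.fromstring(response_xml)
    # The Response element is always checked; a missing value counts as a mismatch.
    found = {"Response": resp.get("InResponseTo")}
    # SubjectConfirmationData may repeat the value; check it only where present.
    for i, scd in enumerate(resp.iterfind(".//saml:SubjectConfirmationData", NS)):
        if scd.get("InResponseTo") is not None:
            found[f"SubjectConfirmationData[{i}]"] = scd.get("InResponseTo")
    bad = [where for where, value in found.items() if value != rid]
    return rid, found, bad

# Constructed sample messages (not captured from a real F5 or Keycloak).
def sample_request(rid):
    xml = f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" ID="{rid}" Version="2.0"/>'
    c = zlib.compressobj(wbits=-15)
    return quote(base64.b64encode(c.compress(xml.encode()) + c.flush()), safe="")

def sample_response(irt):
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_resp1" Version="2.0" InResponseTo="{irt}"><saml:Assertion><saml:Subject>'
           f'<saml:SubjectConfirmation><saml:SubjectConfirmationData InResponseTo="{irt}"/>'
           f'</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    req = decode_redirect(sample_request("_a1b2"))
    for irt in ("_a1b2", "_stale9"):
        rid, found, bad = compare_ids(req, decode_post(sample_response(irt)))
        print(f"request ID={rid} found={found} ->", "match" if not bad else f"MISMATCH at {bad}")
```

Paste the `SAMLRequest` query parameter and the `SAMLResponse` form field from the same login attempt into `decode_redirect` and `decode_post` in place of the samples.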