Hi,

I'm trying to generate SAML according to Salesforce's documentation. After a full day of trying different tweaks I'm still stuck. My SAML (version 1.1) looks correct to me, but when I post it to Salesforce in a "SaMLResponse" field it logs the error "Failed: Assertion Invalid" along with the login name specified in the SAML. Does anyone know how to debug this, or perhaps a comparison to a working SAML response would help...

I tried using the SAML validator in Salesforce. It tells me everything is "ok" (in green) execpt for two things:

"6. Checking that the Attribute namespace matches, if provided"  returns "Unknown"

"7. Miscellaneous format confirmations" returns "Unknown"

The validator did not return any red error messages, however I have no clue what the two Uknown messages mean.

I've tried different types of SSO configuration in Salesforce, both with a NameIdentifier and User ID is in an Attribute element, neither of the work, however Salesforce always logs the username in the logs - so that appears to be working.

Here's a sample SAML - if anyone has ideas on what's wrong I'd really appreciated it: