+ Start a Discussion
Morgan MarcheseMorgan Marchese 

Salesforce as IDP - Single Sign-On Error: Invalid HTTP Method

I'm completely new to SSO, so please bare with me... I am trying to setup Salesforce as the IDP using SAML 2.0 for a third party application called Aha.io. I've followed this guide to Enable Salesforce as an Identity Provider:
https://help.salesforce.com/apex/HTViewHelpDoc?id=identity_provider_enable.htm&language=en (https://help.salesforce.com/apex/HTViewHelpDoc?id=identity_provider_enable.htm&language=en)

After setting up my domain and enabling the required items, I then went to my Identity Provider Setup, and downloaded the Metadata XML file, which I then uploaded into Aha in their SAML 2.0 Configuration Section (they have an option to upload a Metadata file to be read for setup).

Now at this point, when I try to go to our aha.io portal (http://msidev.ideas.aha.io), it attempts to redirect me to Salesforce for my Single Sign-On, but instead of being logged in and redirected back to Aha, I receive the error "Invalid HTTP Method".

At this point, I'm stuck. I can't find any documentation specific to this Single Sign-On error, or any additional setup instructions for setting up SFDC as the IDP. Has anyone encountered this error before? I don't know if there is a problem with my IDP setup, or if there is a problem with Salesforce attempting to redirect me back to the service provider after authentication. The Identity Provider Event Log is blank, so I have no information to go off of.

Can I assume that the metadata that I used to setup SFDC as my IDP is correct and that Aha is correctly bringing me to Salesforce to authenticate? If so, why am I getting this error instead of being passed back to Aha?

I'll take any help I can get, please. Let's solve this together!

 

Andy BoettcherAndy Boettcher
If I were to make an assumption based on what you're seeing going on, I would think that Aha.IO is trying to pass an HTTP method to Salesforce that is not supported.  You wouldn't see anything in your IdP logs as it didn't even make it through the front door.

I would contact Aha to see if they can provide you any assistance - I see they do have an App on the AppExchange that passes some sort of credentials (http://support.aha.io/hc/en-us/articles/203880429-Installing-the-Aha-Salesforce-application), but don't know if they're just hacking it in or using true SSO.

Good luck!
Chris WatersChris Waters
The solution is to use the "SP-Initiated Redirect Endpoint" URL from the "SAML Login Information" settings in Salesforce in the "Single sign-on endpoint" field in Aha!

'This will instruction Salesforce to use a GET redirect rather than a POST when sending information to Aha!
prathyusha b 9prathyusha b 9
Make below changes in SP & IDP respectively then try
1. Create a remote site setting in Service provider (SP) with the URL of IDP login URL / Domain URL (Before configuring the SSO settings in SP org - Mandatory)
2. Use Entity ID URL as ACS URL. (Both are same)

Refer below video for more details:
https://www.youtube.com/watch?v=zSD_wwELkxU