Outgoing SSO Issuer Parameter Update


After our 5.55 release this past Sunday it was discovered that a minor update to the content of our SAML Response was inadvertently made. The 'Issuer' parameter, which corresponds to the 'entityID' value in our IdP Metadata, now contains a forward slash (/) at the end. The IdP Metadata in our public documentation for Outgoing SSO has since been updated. Unfortunately we are unable to safely revert the change - all clients utilising our Outgoing SSO feature who are experiencing issues should update their Service Provider (SP) configuration to account for this change. The specific update should be adding a / to the end of the 'entityID' value stored for Absorb, or entirely re-importing our metadata. The corresponding parameter in the SAML Response is:

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://subdomain.myabsorb.com/</saml:Issuer>

(whereas it was simply "https://subdomain.myabsorb.com" with no forward slash prior to this change)

All forms of Incoming SSO are unaffected by this issue.


Published on
Have more questions? Submit a request


Article is closed for comments.