Users might encounter the error "403 Error: Missing entityID or ACS URL" when attempting an Identity Provider (IdP) initiated login. The error message indicates a problem establishing the IdP flow.
Example Error Messages
"code": 403, "message": "Error when initializing SP and IDP: Error: Missing entityID or ACS URL for tenant "specific organization name", SSO ID: undefined"
- Custom SAML 2.0
- Palo Alto IoT Securities
- IdP initiated flow
The issue originates from an improper or incomplete initialization of the IdP flow, as indicated by the "Missing entityID or ACS URL" error message. The specific reason behind this issue, however, should be verified by contacting Palo Alto Support.
To resolve the "Missing entityID or ACS URL" error:
- Contact Palo Alto Support to ascertain if their IoT platform supports IdP-initiated logins.
- If IdP-initiated logins are supported, request information regarding the specific requirements for the entityID and ACS URL.
- Apply the solution or workaround provided by the Palo Alto Support team.
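
Once the entityID and ACS URL requirements have been obtained, a pre-check such as the following can confirm that both values named in the error are present and well-formed before the Custom SAML 2.0 app is configured. This is an added example, not code from the original article or from either vendor; it assumes the values are supplied as standard SAML 2.0 SP metadata XML, and the function name and the example.com sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_sp_metadata(xml_text):
    """Return (entity_id, acs_url, problems) for SAML 2.0 SP metadata."""
    # Refuse DTDs and entity declarations instead of letting the parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None, None, ["DTD or entity declarations are not accepted"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return None, None, ["root element is not md:EntityDescriptor"]
    problems = []
    entity_id = (root.get("entityID") or "").strip() or None
    if entity_id is None:
        problems.append("missing entityID")
    # Only HTTP-POST endpoints are considered: an unsolicited (IdP-initiated)
    # response is normally delivered to the ACS by a browser form POST.
    acs = [e for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST and e.get("Location")]
    # Prefer the endpoint marked isDefault="true", then the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    acs_url = acs[0].get("Location") if acs else None
    if acs_url is None:
        problems.append("missing ACS URL")
    else:
        parsed = urlparse(acs_url)
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append("ACS URL is not an absolute https URL")
    return entity_id, acs_url, problems

# Constructed sample metadata (example.com placeholders, not real vendor values).
COMPLETE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="https://sp.example.com/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
INCOMPLETE = COMPLETE.replace('entityID="https://sp.example.com/saml/metadata"', "") \
                     .replace("https://sp.example.com/saml/acs", "http://sp.example.com/saml/acs")

if __name__ == "__main__":
    for name, doc in (("complete", COMPLETE), ("incomplete", INCOMPLETE)):
        print(name, check_sp_metadata(doc))
```

An empty problems list means both values were found; any entry in it points at the field to raise with the vendor before retrying the IdP-initiated login.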
