LaurentT.33908 (Customer) asked a question.
Hello,
I have generated an AuthnRequest coming from a SP application that looks like this:
```
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://10.3.33.98/service/bach/auth/saml/login"
ID="z5ec7ffe0-8c06-41ee-877e-04c0d50e9a44"
IssueInstant="2025-06-05T14:02:19.577Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">livesp-feature</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig*">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n*" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more*rsa-sha256" />
<ds:Reference URI="*z5ec7ffe0-8c06-41ee-877e-04c0d50e9a44">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig*enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n*" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc*sha256" />
<ds:DigestValue>yqxiywDcnk0oVGyqu0LKgr+vgKRLVv7TTO5MwYpzOQk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
5KBOH+eQz3zz3CY73/zWdgOne49l2b61yDixje5hAJo7ygKxbcYxasz/hyopXOcEUbV4jRBg1iUC
ogDwNK2VP0ynCjuYWxa4r6L8LUvDlkyPgJWqMrtp6Oioplu+/2D/i2rkgD/fXYM/patw82fpMXIK
wEPXt/QLPOvytRxl7Twge3CK8qExbAPgEbNhpwF2EVO8mP6eprg0q1LZTDYOirwYt21Q0PifWfI5
VUqY8N5ZAcjwPnuPQs8uYrbxNRf1XYkLTSIf8xRm19wAVeBIw2xDVHuhjSZXLdsf8WwzXIa6Eb3n
ZuSxAfTjkHw+FWXoZ2SUdNVMq9Ypu1Ld8JOIsA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICxDCCAaygAwIBAgIIQ5+mr91b4jQwDQYJKoZIhvcNAQELBQAwIjEgMB4GA1UEAwwXU2VsZiBTaWduZWQgQ2VydGlmaWNhdGUwHhcNMjUwNjA0MjE1ODE5WhcNMjYwNjA0MjE1ODE5WjAiMSAwHgYDVQQDDBdTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOici2AFuUwxPl79EXpQiFGK8iVzLORvJDka/OvviuYYlUvwywYwSZIoV3z5FBzWruIfvX+szV2i2MvzntjtMBGRJxwuNJ8+TM3fV13ZZSaUgp68MN3SU0QLgN5AyF5ueTpZdNWixF5fjob+GQYrJ7zNl+UaPGCZ9J0QO+Mo2MAl8uyJRqd7Rs5dtIUCiEIrFgBPPwCBI8BiAk69YpTc3JWtnlpwISCpcuZt1brxo4JAvTs4r+yaGiWd2ef3Gl9hWPa3t6+15xIjPQgmx+l33ftxWtyxqnreuYfo/qcD8dkwTbMt4Z4K73H2mCkkvkI4ukLS8ai9Muz9UnDEBxusChsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfZAULbhwJMv8OhNEZFVjOMQrK+lV4pk2i/iDMvyS38HY+HTAV9SAyikAlRIyP07OrYxhE1Ij/5ap+wMJ8oqCkBhMlzk4jxMIki2V48c8+gt11AHStQEAIKkNQjJoNa7ruKFCvSdmWGC0dvaxsU3gz3SIeEx+h3/P7G3+oH1L/TAqYHpOZQRpDzOB+FNjTx/0pqJaGTdmqlLNCsjwYd7+vCrrZFixyosIXNHWrMvaBZVjHTxEy1UcwD7kNywboFC4prJT+50fgYAp1NfDsZShxybQRneusF1219PLZj+W5bQE/6c+S9SRnbvlXzXPqkBI0dDdcYH6dQHogAp3WQ7kOA==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
</saml2p:AuthnRequest>
```
Certificate has been uploaded in application saml configuration and I end up with a page like this with no more information... what should I do next?
Hello @LaurentT.33908 (Customer) , thank you for contacting Okta Community.
This error usually shows misconfiguration issues. You can start troubleshooting the matter by reviewing the settings on both sides. We also have an article on this:
“400: Bad Request Error Code: GENERAL_NONSUCCESS” Received when Attempting Login with SAML IDP
You could also use a SAML Tracer extension, as discussed in this previous question:
400 Bad SAML request?
If the issue persists, I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.