3
votes

I have a SAML service provider (SP) and I want to use Salesforce as an identity provider (IdP) with my SP.

I have set up a domain and created a new Connected App with SAML enabled and all required details. Then I downloaded the metadata and used it to register on the SP.

Salesforce gives me an IdP-initiated login page URL. When I visit that, it works perfectly: it redirects to the Salesforce login and after that sends the SAML response to the SP. But when I visit the SP and initiate login from there, it redirects to a Salesforce page which gives the following error:

Insufficient Privileges You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.

1
Did you find the problem? - Ivangrx
Unfortunately no, but I started using IdP-initiated login. - hridayesh
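The SP-initiated flow the question describes starts with the SP sending an AuthnRequest to the IdP over the HTTP-Redirect binding (raw DEFLATE, then base64, then URL-encoded into a `SAMLRequest` query parameter). When the IdP rejects that request, the first thing to verify is what the SP actually sent: the `Issuer` has to match the entity ID registered on the IdP side, and the `Destination` has to be the IdP's SSO endpoint. The following is an added example, not code from the question or the answer, and not Salesforce's or any SAML library's own implementation; every URL and entity ID in it is a constructed placeholder. It builds a minimal AuthnRequest, encodes it for the redirect binding, decodes it back from the resulting URL, and compares the decoded fields against the values the IdP is expected to have.

```python
"""Build, encode and inspect an SP-initiated SAML 2.0 AuthnRequest (HTTP-Redirect binding).

Added example for troubleshooting SP-initiated login; all endpoints below are
constructed placeholders, not real Salesforce or SP addresses.
"""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def build_authn_request(sp_entity_id, acs_url, idp_sso_url,
                        request_id=None, issue_instant=None):
    """Return the AuthnRequest XML. Issuer must equal the SP entity ID the IdP knows."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{idp_sso_url}" ProtocolBinding="{POST_BINDING}" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer>'
        '<samlp:NameIDPolicy '
        'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true"/>'
        '</samlp:AuthnRequest>'
    )


def encode_redirect(xml_str):
    """HTTP-Redirect binding: raw DEFLATE (negative wbits = no zlib header), then base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = compressor.compress(xml_str.encode("utf-8")) + compressor.flush()
    return base64.b64encode(raw).decode("ascii")


def build_redirect_url(idp_sso_url, xml_str, relay_state=None):
    """URL the SP redirects the browser to. urlencode escapes the '+' and '=' in base64."""
    params = {"SAMLRequest": encode_redirect(xml_str)}
    if relay_state:
        params["RelayState"] = relay_state
    return idp_sso_url + "?" + urlencode(params)


def decode_redirect_url(url):
    """Inverse of build_redirect_url: recover the AuthnRequest XML from a captured redirect."""
    qs = parse_qs(urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def summarize_authn_request(xml_str):
    """Pull out the fields an IdP checks before it will even show a login page."""
    root = ET.fromstring(xml_str)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": issuer.text if issuer is not None else None,
    }


def check_against_idp_config(summary, idp_sso_url, registered_sp_entity_id):
    """Return a list of mismatches between the request and what the IdP expects (empty = consistent)."""
    problems = []
    if summary["destination"] != idp_sso_url:
        problems.append(f"Destination {summary['destination']!r} != IdP SSO URL {idp_sso_url!r}")
    if summary["issuer"] != registered_sp_entity_id:
        problems.append(f"Issuer {summary['issuer']!r} != registered entity ID {registered_sp_entity_id!r}")
    return problems


if __name__ == "__main__":
    # Constructed placeholders, not real endpoints.
    sp_id, acs, idp = ("https://sp.example.test/saml/metadata",
                       "https://sp.example.test/saml/acs",
                       "https://idp.example.test/sso/redirect")
    url = build_redirect_url(idp, build_authn_request(sp_id, acs, idp), relay_state="/home")
    summary = summarize_authn_request(decode_redirect_url(url))
    print(summary)
    print(check_against_idp_config(summary, idp, sp_id) or "request matches IdP configuration")
```

To use this against a real failure, copy the redirect URL the browser was sent to (from the address bar or the browser's network tab) into `decode_redirect_url` and compare the decoded `Issuer` with the entity ID the IdP has on file; an `Insufficient Privileges` style rejection that survives this check is then a permission problem on the IdP side rather than a malformed request.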

1 Answer

3
votes

I had the same issue and got it fixed. Here are some helpful tips.

  1. You can check the logs under 'Manage Users -> Identity Provider Event Log'. This could give the reason for your error. I got an 'Error: User does not have access to this service provider' error.
  2. For this, the user was not given permission. Even if the user is a System Administrator, access to the Connected App is not given by default. To give permission, go to 'Manage Users -> Users' and click Edit on the user you are testing. Click the profile name link, e.g. System Administrator. This takes you to the profile page. Scroll down to 'Connected App Access' and you will see that the access is not given. Give the access by clicking Edit Profile at the top of the page.