SP initiated login fails in Identity Cloud or AM (All versions) with Service Provider ID is null error
The purpose of this article is to provide assistance if an SP initiated login fails in ForgeRock Identity Cloud or AM with the error "Service Provider ID is null. The request sent by the client was syntactically incorrect." For example, your login URL is similar to: https://sp.example.com:8443/am/saml2/jsp/spSSOInit.jsp
Symptoms
An error similar to the following is shown in the browser when the login URL is called:
HTTP Status 400 - Service Provider ID is null.
type Status report
message Service Provider ID is null.
description The request sent by the client was syntactically incorrect.
Recent Changes
Configured SAML 2.0 Federation to initiate SSO from the service provider side.
Causes
The identity provider cannot be identified due to incorrect or missing metaAlias.
Solution
This issue can be resolved by including the required metaAlias parameter in the login URL. This parameter specifies the local alias for the service provider.
An example URL for an SP initiated login is:
https://sp.example.com:8443/am/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https%3A%2F%2Fidp.example.com%3A8443%2Fam
Note
The spSSOInit.jsp element of the URL is case-sensitive and the URL will fail if this is in the wrong case. For example, including spssoinit.jsp in the URL will not work.
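The checks described in this solution, as an added example that is not ForgeRock code: a Python helper that builds an SP initiated login URL in the form shown above and reports the two failures this article covers, a missing metaAlias and a wrong-case spSSOInit.jsp. The function names and the am_base argument are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote

JSP_NAME = "spSSOInit.jsp"  # case-sensitive element of the login URL


def build_sp_init_url(am_base, meta_alias, idp_entity_id):
    """Build an SP initiated login URL.

    am_base is the AM deployment URL, e.g. https://sp.example.com:8443/am
    (hypothetical argument name). idpEntityID is fully percent-encoded.
    """
    return (
        f"{am_base.rstrip('/')}/saml2/jsp/{JSP_NAME}"
        f"?metaAlias={quote(meta_alias, safe='/')}"
        f"&idpEntityID={quote(idp_entity_id, safe='')}"
    )


def check_sp_init_url(url):
    """Return the problems that would make this SP initiated login URL fail."""
    problems = []
    parts = urlsplit(url)
    jsp = parts.path.rsplit("/", 1)[-1]
    if jsp != JSP_NAME:
        if jsp.lower() == JSP_NAME.lower():
            problems.append(f"wrong case: '{jsp}' must be '{JSP_NAME}'")
        else:
            problems.append(f"path does not end in '{JSP_NAME}'")
    # Parameter names are matched exactly here, so 'metaalias' counts as missing.
    params = parse_qs(parts.query, keep_blank_values=True)
    if not params.get("metaAlias", [""])[0]:
        problems.append("metaAlias is missing or empty")
    return problems


if __name__ == "__main__":
    # Constructed sample URLs using the example hosts from this article.
    samples = [
        build_sp_init_url("https://sp.example.com:8443/am", "/sp",
                          "https://idp.example.com:8443/am"),
        "https://sp.example.com:8443/am/saml2/jsp/spSSOInit.jsp",
        "https://sp.example.com:8443/am/saml2/jsp/spssoinit.jsp?metaAlias=/sp",
    ]
    for url in samples:
        print(url, "->", check_sp_init_url(url) or "OK")
```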
See Also
How do I configure IdP or SP initiated Single Sign On in Identity Cloud or AM (All versions)?
Related Training
ForgeRock Access Management Deep Dive (AM-410)
Related Issue Tracker IDs
N/A