SAML Plugin Configuration

Hi Team,
We are in process of configuring SAML plugin to authenticate. Also have configured the Identity provider settings.
The entityID in SPMetdata xml is entityID=“https://xxxxxxxx/piwik/index.php?module=LoginSaml&action=metadata”>

Authentication is failing because of & in entityId. How can we configure entityid in metdata xml?
Please suggest!!!


Can you please supply any errors you are seeing and identity provider to


you mean Identity provider entity id, SSO service URL etc?? These data is confidential.


No, we just need your Identity Provider such as one-login etc and error codes you are seeing. Can you please send this information to


Hi Jason,
Ours is based on the products of ForgeRock especially on OpenAM that manage the authentication.
I dont see any error in SAML.log… except this line “Initiated the Single Sign On, Redirecting to the IdP”.
Can u please let me know if you need any other info.

You can modify the Entity ID of the SP In the advanced setting of on the SAML plugin.

Hi Jason,
I have enabled debug mode and given entity ID. Still I dont see any error in SAML.log . Saml Login redirects to our authentication page with below error. Can the entity ID be an URL format or any other format???


Can you please tell me what version of Matomo you are using at the moment?


Hi Jason,
I have replied you through mail for this question few days back. We are using matomo 3.5.1


Sorry, we don’t seem to have received this email. Could upgrade your Matomo to the latest version, as well as the plugin?

Let me check on upgrade part. But 3.5.1 is also much latest version right…


The latest Matomo version is 3.6.0, the plugin is at 3.1.0


Hi Jason,

Saml is properly configured now with IDp settings. But SAML login gives the following error.

A fatal error occurred

Please contact the system administrator, or login to Matomo to learn more.

If you are Super User, but cannot login because of this error, you can still troubleshoot further. Follow these steps:

  1. open the config/config.ini.php file and look for the salt value under [General] .
  2. edit this current URL you are viewing and add the following text (replacing salt_value_from_config by the salt value from the config file):


Invalid SAMLResponse. The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext

The Saml Issuer coming SAML response (in the post request) is wrong. The advanced SPentityId is set to correct value in settings.
How can this value is changed?


Sorry for the delay in getting back to you. Can you confirm your Matomo and SAML version?


I am also getting the same error after adfs redirection. My matomo version is 3.12.o

After following the steps getting below error.
SAML Response not found, Only supported HTTP_POST Binding

That error is thrown when the Magento Assertion Consumer endpoint is loaded and no SAMLResponse POST parameter is provided by the Identity Provider.

You need to verify that the IdP is configured to use HTTP-POST binding for the SSO flow. a good way to validate this is by installing the SAMLTracer tool and check that what is sent to the AssertionConsumerService endpoint was a POST.

You provided by email an example of the AuthNRequest sent by Magento and the SAMLResponse replied by the IdP, so I believe the HTTP-POST binding was not used, and instead the HTTP-Redirect binding was used.

We’ll continue to help by email since you also reached out there. Thanks!

Hi there,
Just to let you know that we encountered the same issue with Matomo 4.4.1 and SAML Plugin 4.0.3
The workaround on our side has been to fix the IDP Registry to take this case into account.
Cheers, Alice

1 Like