KB-2051 "No EntityDescriptor found" when setting up Salesforce as an Identity Provider

Symptoms

When attempting to upload the Identity Provider metadata into the Appian Administration Console as part of setting up SAML, the error "No EntityDescriptor found. IdP metadata must include one <EntityDescriptor> element" is displayed.

Cause

Salesforce can act as both a Service Provider and an Identity Provider in a SAML exchange. To configure SAML in Appian, the Identity Provider metadata must be uploaded into the Admin Console. The error is generated when the Service Provider metadata is uploaded into the Admin Console instead.

Action

To confirm that the incorrect file is being uploaded, check the metadata XML file for the existence of an SPSSODescriptor element. If this element is present, download the appropriate Identity Provider file from Salesforce and upload this file to the Admin Console instead.
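The check described above can be scripted before uploading. The following is an added example, not Appian or Salesforce code: it classifies a metadata file by looking for SPSSODescriptor and, as an assumption beyond this article, for its standard SAML 2.0 counterpart IDPSSODescriptor. The function name and the sample documents are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed samples for illustration; not real Salesforce exports.
SP_SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

IDP_SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Location="https://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def classify_metadata(xml_bytes):
    """Return 'idp', 'sp', 'both' or 'unknown' for a SAML metadata document."""
    # Metadata needs no DTD, so refuse one instead of letting the parser expand entities.
    if b"<!DOCTYPE" in xml_bytes.upper():
        raise ValueError("DOCTYPE is not expected in SAML metadata")
    root = ET.fromstring(xml_bytes)
    # iter() walks the whole tree, so descriptors nested under EntitiesDescriptor are found too.
    has_idp = next(root.iter(f"{{{MD_NS}}}IDPSSODescriptor"), None) is not None
    has_sp = next(root.iter(f"{{{MD_NS}}}SPSSODescriptor"), None) is not None
    if has_idp and has_sp:
        return "both"
    return "idp" if has_idp else "sp" if has_sp else "unknown"


if __name__ == "__main__":
    # With a file argument, classify that file; otherwise run on the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", classify_metadata(fh.read()))
    else:
        print("SP sample ->", classify_metadata(SP_SAMPLE))
        print("IdP sample ->", classify_metadata(IDP_SAMPLE))
```

A result of `sp` corresponds to the wrong file described in this article; `idp` is the file to upload.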

Affected Versions

This article applies to all versions of Appian using Salesforce for SAML authentication.

Last Reviewed: January 2020
