While debugging Salesforce SAML Single Sign-On (SSO) issues, you may see the error 'InResponseTo: Invalid' in the Salesforce Login History.
SAML (Security Assertion Markup Language) is an open standard used for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP) such as Salesforce. The InResponseTo field in a SAML response is used to match the response to its originating SAML request.
This error indicates a mismatch or unexpected presence of the InResponseTo value in the SAML response. It can occur in both Service Provider (SP) initiated and Identity Provider (IdP) initiated login flows. Reviewing the SAML Login History in Salesforce Setup is the recommended first step for diagnosing this error.
InResponseTo value matching the ID of the original SAML request.InResponseTo value that does not match the ID of the SAML request that Salesforce generated. This can happen if the IdP is replaying an old response or if the request ID was altered.InResponseTo value is generated when the My Domain login page loads and expires after 8 minutes. If the SAML response is sent to Salesforce more than 8 minutes after the user loaded the My Domain login page, Salesforce rejects it with this error. Ask users to complete the login process promptly without leaving the page idle.InResponseTo value — which is unexpected in this flow. In an IdP-initiated flow, the IdP sends a SAML assertion to Salesforce without a prior SAML request from Salesforce, so no InResponseTo value should be present. Configure your IdP to omit the InResponseTo field when sending IdP-initiated assertions to Salesforce.000385754

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.