Issue about integrating Metabase Enterprise SAML with AZure

Dear Metabsae,
We're trying to test Metabase Enterprise SAML features, I have followed the official documentation to set up Metabase Enterprise SAML with Azure(https://www.metabase.com/docs/latest/enterprise-guide/authenticating-with-saml.html), and I'm sure I have set up almost everything no matter on Metabase and Azure side, and we have seen all the claims that Metabase needed from SAML debugger, don't know why can't pass the authentication from Metabase side.

I was trying to find out the Metabase ticket system or enterprise support email, I can't find it, so finally have to head to this Discuss forums.

Would you please help me out?

Here is the details setup on both Metabase on Azure

Metabase:

- URL the IdP should redirect back to:
https://test.reports.tlscontact.com/auth/sso


- SAML Identity Provider URL:
https://login.microsoftonline.com/e407b9bd-5c33-47c1-bc57-1175584ace12/saml2


- SAML Identity Provider Certificate:
xxxxxxxxxxx (I can't show here,just masked)


- SAML Application Name:
5743129c-a2a9-4c6f-8a84-d4040a2be552

Azure:

- Basic SAML Configuration
Identifier (Entity ID): https://test.reports.tlscontact.com/auth/sso
Reply URL (Assertion Consumer Service URL): https://test.reports.tlscontact.com/auth/sso
Sign on URL :https://test.reports.tlscontact.com/auth/sso

- User Attributes & Claims
Unique User Identifier (Name ID):user.mail [nameid-format:emailAddress]
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress:user.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname:user.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname:user.surname

SAML Debugging:

Issuer                      = https://sts.windows.net/e407b9bd-5c33-47c1-bc57-1175584ace12/
Subject                     = robintest@tlscontact.com
NameID                      = robintest@tlscontact.com
AttributeStatement:
http://schemas.microsoft.com/identity/claims/tenantid              = e407b9bd-5c33-47c1-bc57-1175584ace12
http://schemas.microsoft.com/identity/claims/objectidentifier      = 66f64031-2f29-4589-9178-5de141cbaa3f
http://schemas.microsoft.com/identity/claims/identityprovider      = https://sts.windows.net/e407b9bd-5c33-47c1-bc57-1175584ace12/
http://schemas.microsoft.com/claims/authnmethodsreferences         = http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password
http://schemas.microsoft.com/ws/2008/06/identity/claims/role       = User
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname    = robin
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname      = test
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress = robintest@tlscontact.com

Metabase Error:

  • Login issue:

It looks like we weren't able to log you in.
Unable to log in: SAML response validation failed

Stuck? Need help? Contact the administrator of your Metabase instance about this error.
Additional Info

{:status-code 401}
  • Metabase logs:
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:44:37+08:00 ERROR metabase-enterprise.sso.api.sso Error logging in
clojure.lang.ExceptionInfo: Unable to log in: SAML response validation failed {:status-code 401}
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:128)
	at metabase_enterprise.sso.integrations.saml$validate_response.invoke(saml.clj:119)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invokeStatic(saml.clj:133)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invoke(saml.clj:132)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invokeStatic(saml.clj:168)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invoke(saml.clj:158)
	at clojure.lang.MultiFn.invoke(MultiFn.java:229)
	at metabase_enterprise.sso.api.sso$fn__59608$fn__59610.invoke(sso.clj:81)
	at metabase_enterprise.sso.api.sso$fn__59608.invokeStatic(sso.clj:80)
	at metabase_enterprise.sso.api.sso$fn__59608.invoke(sso.clj:76)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:187)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:32)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:64)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: clojure.lang.ExceptionInfo: Incorrect Response <Issuer> {}
	at saml20_clj.sp.response$fn__58780.invokeStatic(response.clj:86)
	at saml20_clj.sp.response$fn__58780.invoke(response.clj:80)
	at clojure.lang.MultiFn.invoke(MultiFn.java:244)
	at saml20_clj.sp.response$validate.invokeStatic(response.clj:299)
	at saml20_clj.sp.response$validate.invoke(response.clj:244)
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:124)
	... 71 more
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:13+08:00 DEBUG metabase.server.middleware.log GET /api/user/current 401 117.6 µs (0 DB calls) 
"Unauthenticated"

[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:13+08:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 1.2 ms (0 DB calls) App DB connections: 0/7 Jetty threads: 4/50 (3 idle, 0 queued) (87 total active threads) Queries in flight: 0 (0 queued)
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:19+08:00 ERROR metabase-enterprise.sso.integrations.saml SAML response validation failed
clojure.lang.ExceptionInfo: Incorrect Response <Issuer> {}
	at saml20_clj.sp.response$fn__58780.invokeStatic(response.clj:86)
	at saml20_clj.sp.response$fn__58780.invoke(response.clj:80)
	at clojure.lang.MultiFn.invoke(MultiFn.java:244)
	at saml20_clj.sp.response$validate.invokeStatic(response.clj:299)
	at saml20_clj.sp.response$validate.invoke(response.clj:244)
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:124)
	at metabase_enterprise.sso.integrations.saml$validate_response.invoke(saml.clj:119)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invokeStatic(saml.clj:133)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invoke(saml.clj:132)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invokeStatic(saml.clj:168)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invoke(saml.clj:158)
	at clojure.lang.MultiFn.invoke(MultiFn.java:229)
	at metabase_enterprise.sso.api.sso$fn__59608$fn__59610.invoke(sso.clj:81)
	at metabase_enterprise.sso.api.sso$fn__59608.invokeStatic(sso.clj:80)
	at metabase_enterprise.sso.api.sso$fn__59608.invoke(sso.clj:76)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:187)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:32)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:64)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:19+08:00 ERROR metabase-enterprise.sso.api.sso Error logging in
clojure.lang.ExceptionInfo: Unable to log in: SAML response validation failed {:status-code 401}
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:128)
	at metabase_enterprise.sso.integrations.saml$validate_response.invoke(saml.clj:119)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invokeStatic(saml.clj:133)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invoke(saml.clj:132)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invokeStatic(saml.clj:168)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invoke(saml.clj:158)
	at clojure.lang.MultiFn.invoke(MultiFn.java:229)
	at metabase_enterprise.sso.api.sso$fn__59608$fn__59610.invoke(sso.clj:81)
	at metabase_enterprise.sso.api.sso$fn__59608.invokeStatic(sso.clj:80)
	at metabase_enterprise.sso.api.sso$fn__59608.invoke(sso.clj:76)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:187)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:32)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:64)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: clojure.lang.ExceptionInfo: Incorrect Response <Issuer> {}
	at saml20_clj.sp.response$fn__58780.invokeStatic(response.clj:86)
	at saml20_clj.sp.response$fn__58780.invoke(response.clj:80)
	at clojure.lang.MultiFn.invoke(MultiFn.java:244)
	at saml20_clj.sp.response$validate.invokeStatic(response.clj:299)
	at saml20_clj.sp.response$validate.invoke(response.clj:244)
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:124)
	... 71 more
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:56+08:00 DEBUG metabase.server.middleware.log GET /api/user/current 401 114.3 µs (0 DB calls) 
"Unauthenticated"

[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:56+08:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 1.7 ms (0 DB calls) App DB connections: 0/7 Jetty threads: 5/50 (4 idle, 0 queued) (92 total active threads) Queries in flight: 0 (0 queued)
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:49:56+08:00 INFO metabase.server.middleware.exceptions Request canceled before finishing.
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:50:19+08:00 ERROR metabase-enterprise.sso.integrations.saml SAML response validation failed
clojure.lang.ExceptionInfo: Incorrect Response <Issuer> {}
	at saml20_clj.sp.response$fn__58780.invokeStatic(response.clj:86)
	at saml20_clj.sp.response$fn__58780.invoke(response.clj:80)
	at clojure.lang.MultiFn.invoke(MultiFn.java:244)
	at saml20_clj.sp.response$validate.invokeStatic(response.clj:299)
	at saml20_clj.sp.response$validate.invoke(response.clj:244)
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:124)
	at metabase_enterprise.sso.integrations.saml$validate_response.invoke(saml.clj:119)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invokeStatic(saml.clj:133)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invoke(saml.clj:132)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invokeStatic(saml.clj:168)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invoke(saml.clj:158)
	at clojure.lang.MultiFn.invoke(MultiFn.java:229)
	at metabase_enterprise.sso.api.sso$fn__59608$fn__59610.invoke(sso.clj:81)
	at metabase_enterprise.sso.api.sso$fn__59608.invokeStatic(sso.clj:80)
	at metabase_enterprise.sso.api.sso$fn__59608.invoke(sso.clj:76)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:187)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:32)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:64)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:50:19+08:00 ERROR metabase-enterprise.sso.api.sso Error logging in
clojure.lang.ExceptionInfo: Unable to log in: SAML response validation failed {:status-code 401}
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:128)
	at metabase_enterprise.sso.integrations.saml$validate_response.invoke(saml.clj:119)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invokeStatic(saml.clj:133)
	at metabase_enterprise.sso.integrations.saml$xml_string__GT_saml_response.invoke(saml.clj:132)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invokeStatic(saml.clj:168)
	at metabase_enterprise.sso.integrations.saml$fn__63158.invoke(saml.clj:158)
	at clojure.lang.MultiFn.invoke(MultiFn.java:229)
	at metabase_enterprise.sso.api.sso$fn__59608$fn__59610.invoke(sso.clj:81)
	at metabase_enterprise.sso.api.sso$fn__59608.invokeStatic(sso.clj:80)
	at metabase_enterprise.sso.api.sso$fn__59608.invoke(sso.clj:76)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:187)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:32)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:64)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: clojure.lang.ExceptionInfo: Incorrect Response <Issuer> {}
	at saml20_clj.sp.response$fn__58780.invokeStatic(response.clj:86)
	at saml20_clj.sp.response$fn__58780.invoke(response.clj:80)
	at clojure.lang.MultiFn.invoke(MultiFn.java:244)
	at saml20_clj.sp.response$validate.invokeStatic(response.clj:299)
	at saml20_clj.sp.response$validate.invoke(response.clj:244)
	at metabase_enterprise.sso.integrations.saml$validate_response.invokeStatic(saml.clj:124)
	... 71 more
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:58:45+08:00 DEBUG metabase.server.middleware.log GET /api/user/current 401 105.7 µs (0 DB calls) 
"Unauthenticated"

[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:58:45+08:00 DEBUG metabase.server.middleware.log GET /api/session/properties 200 1.1 ms (0 DB calls) App DB connections: 0/7 Jetty threads: 3/50 (4 idle, 0 queued) (87 total active threads) Queries in flight: 0 (0 queued)
[9759fb8b-f265-4163-a7db-272116fdebbe] 2021-05-17T14:58:49+08:00 WARN metabase.email Failed to send email
java.lang.Exception: SMTP host is not set.
	at metabase.email$fn__60661$send_message_or_throw_BANG___60666$fn__60670.invoke(email.clj:94)
	at metabase.email$fn__60661$send_message_or_throw_BANG___60666.invoke(email.clj:88)
	at metabase.email$send_message_BANG_.invokeStatic(email.clj:122)
	at metabase.email$send_message_BANG_.doInvoke(email.clj:107)
	at clojure.lang.RestFn.invoke(RestFn.java:619)
	at metabase.email.messages$send_login_from_new_device_email_BANG_.invokeStatic(messages.clj:201)
	at metabase.email.messages$send_login_from_new_device_email_BANG_.invoke(messages.clj:187)
	at metabase.models.login_history$post_insert$fn__62661.invoke(login_history.clj:72)
	at metabase.models.login_history$post_insert.invokeStatic(login_history.clj:70)
	at metabase.models.login_history$post_insert.invoke(login_history.clj:66)
	at toucan.models$fn__24411$fn__24522$G__24430__24527.invoke(models.clj:178)
	at toucan.db$insert_BANG_.invokeStatic(db.clj:611)
	at toucan.db$insert_BANG_.invoke(db.clj:597)
	at metabase.api.session$fn__62779$record_login_history_BANG___62784$fn__62785.invoke(session.clj:33)
	at metabase.api.session$fn__62779$record_login_history_BANG___62784.invoke(session.clj:31)
	at metabase.api.session$fn__62812$create_session_BANG___62804__62817$fn__62818.invoke(session.clj:61)
	at metabase.api.session$fn__62812$create_session_BANG___62804__62817.invoke(session.clj:49)
	at clojure.lang.AFn.applyToHelper(AFn.java:160)
	at clojure.lang.AFn.applyTo(AFn.java:144)
	at clojure.lang.AFunction$1.doInvoke(AFunction.java:31)
	at clojure.lang.RestFn.invoke(RestFn.java:436)
	at metabase.api.session$fn__62839$create_session_BANG___62831__62844$fn__62845.invoke(session.clj:69)
	at metabase.api.session$fn__62839$create_session_BANG___62831__62844.invoke(session.clj:64)
	at clojure.lang.AFn.applyToHelper(AFn.java:160)
	at clojure.lang.AFn.applyTo(AFn.java:144)
	at clojure.lang.AFunction$1.doInvoke(AFunction.java:31)
	at clojure.lang.RestFn.invoke(RestFn.java:436)
	at clojure.lang.MultiFn.invoke(MultiFn.java:239)
	at metabase.api.session$fn__62891$email_login__62896$fn__62897.invoke(session.clj:108)
	at metabase.api.session$fn__62891$email_login__62896.invoke(session.clj:103)
	at metabase.api.session$fn__62918$login__62923$fn__62924.invoke(session.clj:124)
	at metabase.api.session$fn__62918$login__62923.invoke(session.clj:118)
	at metabase.api.session$fn__62940$do_login__62943.invoke(session.clj:151)
	at metabase.api.session$fn__62940$fn__62946$fn__62947$fn__62948.invoke(session.clj:159)
	at throttle.core$do_with_throttling.invokeStatic(core.clj:93)
	at throttle.core$do_with_throttling.invoke(core.clj:87)
	at metabase.api.session$fn__62940$fn__62946$fn__62947.invoke(session.clj:157)
	at throttle.core$do_with_throttling.invokeStatic(core.clj:93)
	at throttle.core$do_with_throttling.invoke(core.clj:87)
	at metabase.api.session$fn__62940$fn__62946.invoke(session.clj:157)
	at metabase.api.session$do_http_400_on_error.invokeStatic(session.clj:134)
	at metabase.api.session$do_http_400_on_error.invoke(session.clj:132)
	at metabase.api.session$fn__62940.invokeStatic(session.clj:156)
	at metabase.api.session$fn__62940.invoke(session.clj:144)
	at compojure.core$wrap_response$fn__12050.invoke(core.clj:160)
	at compojure.core$wrap_route_middleware$fn__12034.invoke(core.clj:132)
	at compojure.core$wrap_route_info$fn__12039.invoke(core.clj:139)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:151)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.api.session$_PLUS_log_all_request_failures$fn__63070.invoke(session.clj:355)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:199)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at clojure.lang.AFn.applyToHelper(AFn.java:160)
	at clojure.lang.AFn.applyTo(AFn.java:144)
	at clojure.core$apply.invokeStatic(core.clj:665)
	at clojure.core$apply.invoke(core.clj:660)
	at metabase.server.routes$fn__82852$fn__82853.doInvoke(routes.clj:57)
	at clojure.lang.RestFn.invoke(RestFn.java:436)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$make_context$handler__12090.invoke(core.clj:287)
	at compojure.core$make_context$fn__12092.invoke(core.clj:296)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:153)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:153)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$wrap_route_matches$fn__12043.invoke(core.clj:153)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:199)
	at compojure.core$routes$fn__12062$f__12063$respond_SINGLEQUOTE___12064.invoke(core.clj:197)
	at compojure.core$make_context$fn__12092.invoke(core.clj:297)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at compojure.core$routes$fn__12062$f__12063.invoke(core.clj:198)
	at compojure.core$routes$fn__12062.invoke(core.clj:200)
	at metabase.server.middleware.exceptions$catch_uncaught_exceptions$fn__80892.invoke(exceptions.clj:98)
	at metabase.server.middleware.exceptions$catch_api_exceptions$fn__80889.invoke(exceptions.clj:86)
	at metabase.server.middleware.log$log_api_call$fn__82768$fn__82769.invoke(log.clj:195)
	at toucan.db$_do_with_call_counting.invokeStatic(db.clj:216)
	at toucan.db$_do_with_call_counting.invoke(db.clj:209)
	at metabase.server.middleware.log$log_api_call$fn__82768.invoke(log.clj:189)
	at metabase.server.middleware.browser_cookie$ensure_browser_id_cookie$fn__82404.invoke(browser_cookie.clj:30)
	at metabase.server.middleware.security$add_security_headers$fn__80854.invoke(security.clj:142)
	at metabase.server.middleware.json$wrap_json_body$fn__82549.invoke(json.clj:62)
	at metabase.server.middleware.json$wrap_streamed_json_response$fn__82567.invoke(json.clj:98)
	at ring.middleware.keyword_params$wrap_keyword_params$fn__83109.invoke(keyword_params.clj:55)
	at ring.middleware.params$wrap_params$fn__83125.invoke(params.clj:69)
	at metabase.server.middleware.misc$maybe_set_site_url$fn__35833.invoke(misc.clj:58)
	at metabase.server.middleware.session$bind_current_user$fn__43356$fn__43357.invoke(session.clj:248)
	at metabase.server.middleware.session$do_with_current_user.invokeStatic(session.clj:229)
	at metabase.server.middleware.session$do_with_current_user.invoke(session.clj:221)
	at metabase.server.middleware.session$bind_current_user$fn__43356.invoke(session.clj:247)
	at metabase.server.middleware.session$wrap_current_user_info$fn__43343.invoke(session.clj:207)
	at metabase.server.middleware.session$wrap_session_id$fn__43329.invoke(session.clj:153)
	at metabase.server.middleware.auth$wrap_api_key$fn__56443.invoke(auth.clj:27)
	at ring.middleware.cookies$wrap_cookies$fn__83029.invoke(cookies.clj:216)
	at metabase.server.middleware.misc$add_content_type$fn__35816.invoke(misc.clj:27)
	at metabase.server.middleware.misc$disable_streaming_buffering$fn__35841.invoke(misc.clj:75)
	at ring.middleware.gzip$wrap_gzip$fn__83071.invoke(gzip.clj:86)
	at metabase.server.middleware.misc$bind_request$fn__35844.invoke(misc.clj:92)
	at metabase.server.middleware.ssl$redirect_to_https_middleware$fn__82785.invoke(ssl.clj:48)
	at metabase.server$async_proxy_handler$fn__82348.invoke(server.clj:71)
	at metabase.server.proxy$org.eclipse.jetty.server.handler.AbstractHandler$ff19274a.handle(Unknown Source)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:516)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
	at java.base/java.lang.Thread.run(Unknown Source)

Hi @robin
You can get in touch with Enterprise support via support@metabase.com
We have just completed a documentation for Azure, so have a look at that:
https://github.com/metabase/metabase/blob/master/docs/enterprise-guide/authenticating-with-saml-azure-ad.md
My initial thoughts are that the Azure: Identifier (Entity ID) and Metabase: SAML Application Name does not match.

Hi @flamber,
I have followed your advice, but I still have an issue with SSO.
I have dropped a mail to enterprise support.

Thanks