Invalid_response error on login persist

[mitchflores]

Problem:
Persistent - Invalid_response error on login

Environment details:

• Version: TeamCity Enterprise 2023.11 (build 147331)
• IdP Config:

• SP Metadata:

• teamcity-auth.log collected:

Additional Info:

• We are running TC server using docker container.
• docker-compose.yml

• .env file

• With NGINX reverse proxy in front of it.

[mitchflores]

We have resolve this issue by creating a new enterprise application in Azure Entra, and configure basic SAML from the ground up. It turns out that the issue was due to our existing enterprise application was configured completely different from the guide. It was configured with openid connect and oauth as oppose to basic SAML from the guide instruction. We had the Identifier (Entity ID) set to the Application ID, whereas the SAML settings expects it to be same with callback URL.