Invalid Callback URL when Using SAML Flow

Overview

When using Auth0 as a SAML Identity Provider (IdP) and trying to log in using a SAML flow, the following error message occurs: 

Callback URL mismatch.
The provided redirect_uri is not in the list of allowed callback URLs.


Applies To
  • Callback URL Mismatch
  • Service Provider (SP)-initiated SAML Flow
  • Invalid redirect_uri

Cause

When performing a SAML login flow, the Service Provider calls the Identity Provider with a SAML AuthnRequest. This request should carry an AssertionConsumerServiceURL (ACS) attribute, which tells the Identity Provider where the Service Provider wants the SAML response to be sent.

When an Auth0 application (identified by its client ID) with the SAML add-on enabled receives a SAML request, Auth0 compares the request's ACS URL with that application's Allowed Callback URLs. If there is no match, the callback URL mismatch error occurs.

To troubleshoot this issue, capture a HAR file of the login flow, locate the SAML AuthnRequest in it, and check that its ACS URL matches one of the Allowed Callback URLs of the application receiving the SAML request.
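The check described above, as an added example that is not Auth0's own code or tooling: the script walks a HAR capture, decodes every SAMLRequest it finds (HTTP-Redirect binding in the query string, HTTP-POST binding in the form body), reads the AssertionConsumerServiceURL attribute from the AuthnRequest and compares it with the application's Allowed Callback URLs. The HAR, tenant name and client ID below are constructed placeholders, and the exact-string comparison is an assumption made for this check rather than Auth0's documented matching rule.

```python
"""Added example (not Auth0's code): pull every SAMLRequest out of a HAR
capture, decode the AuthnRequest, and compare its AssertionConsumerServiceURL
with the application's Allowed Callback URLs. The HAR below is constructed
inline; TENANT and CLIENT_ID are placeholders."""
import base64
import json
import zlib
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_saml_request(value: str, binding: str) -> str:
    """Return the AuthnRequest XML. The HTTP-Redirect binding (query string)
    DEFLATEs the XML before base64; the HTTP-POST binding only base64-encodes."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        raw = zlib.decompress(raw, -15)  # raw DEFLATE stream, no zlib header
    return raw.decode("utf-8")


def acs_url_from_authn_request(xml_text: str) -> Optional[str]:
    """Read the AssertionConsumerServiceURL attribute of a samlp:AuthnRequest.
    A HAR comes from your own browser; for untrusted XML prefer defusedxml."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        return None
    return root.get("AssertionConsumerServiceURL")


def find_saml_requests(har: dict) -> List[Tuple[str, str]]:
    """Return (binding, SAMLRequest value) for every HAR entry carrying one."""
    found = []
    for entry in har["log"]["entries"]:
        request = entry["request"]
        for p in request.get("queryString", []):
            if p["name"] == "SAMLRequest":
                found.append(("redirect", p["value"]))
        for p in request.get("postData", {}).get("params", []):
            if p["name"] == "SAMLRequest":
                found.append(("post", p["value"]))
    return found


def check_har(har: dict, allowed_callbacks: List[str]) -> List[Tuple[Optional[str], bool]]:
    """For each AuthnRequest in the HAR report (ACS URL, is it allowed?).
    Exact string comparison is an assumption of this check; consult Auth0's
    documentation for its precise Allowed Callback URL matching rules."""
    results = []
    for binding, value in find_saml_requests(har):
        acs = acs_url_from_authn_request(decode_saml_request(value, binding))
        results.append((acs, acs in allowed_callbacks))
    return results


# --- constructed sample input (placeholders, not a real tenant) ---------------

def _authn_request(acs_url: str) -> str:
    return (
        '<samlp:AuthnRequest xmlns:samlp="%s" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'AssertionConsumerServiceURL="%s" '
        'Destination="https://TENANT.auth0.com/samlp/CLIENT_ID">'
        '<saml:Issuer>https://sp.example.com</saml:Issuer>'
        '</samlp:AuthnRequest>' % (SAMLP_NS, acs_url)
    )


def _redirect_binding(xml_text: str) -> str:
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def _post_binding(xml_text: str) -> str:
    return base64.b64encode(xml_text.encode()).decode()


SAMPLE_HAR = {"log": {"entries": [
    # SP-initiated login via HTTP-Redirect binding, ACS without trailing slash
    {"request": {"method": "GET", "url": "https://TENANT.auth0.com/samlp/CLIENT_ID",
                 "queryString": [{"name": "SAMLRequest",
                                  "value": _redirect_binding(_authn_request("https://sp.example.com/saml/acs"))}]}},
    # unrelated request that carries no SAMLRequest
    {"request": {"method": "GET", "url": "https://TENANT.auth0.com/login", "queryString": []}},
    # second attempt via HTTP-POST binding, ACS with a trailing slash
    {"request": {"method": "POST", "url": "https://TENANT.auth0.com/samlp/CLIENT_ID",
                 "postData": {"params": [{"name": "SAMLRequest",
                                          "value": _post_binding(_authn_request("https://sp.example.com/saml/acs/"))}]}}},
]}}

if __name__ == "__main__":
    import sys
    # usage: python check_acs.py login.har https://sp.example.com/saml/acs ...
    har = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_HAR
    allowed = sys.argv[2:] or ["https://sp.example.com/saml/acs"]
    for acs, ok in check_har(har, allowed):
        print("OK      " if ok else "MISMATCH", acs)
```

Run against the constructed HAR, the first AuthnRequest matches and the second is reported as a mismatch: its ACS URL differs from the allowed entry only by a trailing slash, which is exactly the kind of small difference this comparison is meant to surface. Pass a real HAR path and the application's Allowed Callback URLs as arguments to check a captured login flow.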
Solution

To resolve the issue, either update the Service Provider application so that it sends an ACS URL that is already on the Allowed Callback URLs list of the Auth0 client ID in question, or add the application's desired callback URL for the SAML assertion to that client ID's Allowed Callback URLs.
