Pushed the new compliance sync module to client staging org using genesys-cloud-sdk-js@3.92.1. The /api/v2/organizations/{organizationId}/sso/saml/metadata endpoint is doing jack all. It’s rejecting the PUT request with a 400 Bad Request every time we try to upload the IdP XML. Console logs show the payload structure matches the schema exactly, but the response keeps throwing that validation error. We’ve verified the ACS URL in the XML matches the organization base domain. The SSO settings panel in the admin console just spins forever after the API call fails.

Multi-org OAuth tokens are generating fine, but the compliance dashboard flags the app as non-conformant because the SSO handshake never completes. Rate limits aren’t the issue here. The request headers include the correct x-gc-version and Authorization bearer token. Tried stripping the XML namespaces down to the basics, still hitting the same 400. The documentation mentions a specific entityID format requirement for AppFoundry partners, but the error response doesn’t specify which field is actually malformed.

Client is pushing hard on SOC2 compliance checks and the audit log shows repeated failed metadata uploads. The SDK helper function wraps the call nicely, but it just bubbles up that same error. Network tab shows the request payload is exactly 14KB. Maybe the signature validation step is choking on the certificate chain length? Certificate has three intermediate CAs.
{
  "code": "invalid_request",
  "message": "SAML metadata validation failed: Missing required assertion consumer service URL",
  "status": 400
}
ACS URL is definitely there.
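
An added example, not part of the original post and not Genesys Cloud code: a local pre-flight check that reports what a namespace-aware SAML parser finds in a metadata document (entityID, role descriptors, AssertionConsumerService entries, certificate count) before it is uploaded. The sample XML, hostnames and function names are constructed, and how the server-side validator actually parses the document is an unknown here.

```python
import xml.etree.ElementTree as ET  # stdlib; use defusedxml for untrusted XML

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def inspect_metadata(xml_text):
    """Summarise what a namespace-aware parser sees in SAML metadata."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID"), "roles": [], "acs": [],
              "unqualified_acs": 0, "certificates": 0}
    for el in root.iter():
        name = local(el.tag)
        if el.tag in (f"{{{MD}}}IDPSSODescriptor", f"{{{MD}}}SPSSODescriptor"):
            report["roles"].append(name)
        elif el.tag == f"{{{MD}}}AssertionConsumerService":
            report["acs"].append({"binding": el.get("Binding"),
                                  "location": el.get("Location"),
                                  "index": el.get("index")})
        elif name == "AssertionConsumerService":
            # Visible in the text, but outside the SAML metadata namespace
            report["unqualified_acs"] += 1
        elif el.tag == f"{{{DS}}}X509Certificate":
            report["certificates"] += 1
    return report

# Constructed sample metadata (placeholder certificate, example hostnames)
QUALIFIED = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Same document with the md: element prefixes stripped (elements become unqualified)
STRIPPED = QUALIFIED.replace("md:", "")

if __name__ == "__main__":
    for label, doc in (("qualified", QUALIFIED), ("stripped", STRIPPED)):
        print(label, inspect_metadata(doc))
```

An `acs` list that comes back empty while `unqualified_acs` is non-zero means the element is in the text but not in the namespace a schema-aware parser looks in.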