Back to Docusign.com
Solved
What is the solution for the "The response assertion is missing a required attribute" error faced by our user when she logs in to her Docusign account.
- Legacy User
Best answer by Community Expert
We were able to resolve the problem we were having. Not sure if our resolution is specific to us or will help everyone. We had to do a few things.
First (in azure) fill out the user attributes & claims
- givenname - user.givenname
- surname - user.surname
- emailaddress - user.mail
- name - user.userprincipalname
- Unique User Identifier - user.userprincipalname
Next make sure that all users have a first name, last name, and email in the system.
- Legacy User
Duo (our 2FA) have been extremely helpful -spent hours with me on this - here is their reply -
"Was DocuSign support able to identify the missing attribute that is generating the error message during their ingestion of the saml response?
If they can identify what attribute is missing or misconfigured, specifically, we can correct that in the generic service provider settings and send them the correct attribute, we just need to know what is wrong. Their system is ingesting the saml response and generating the error message. Only they can identify the cause."
docusign - "Its not us, it's them, but we can't tell why"
- Docusign Employee
- Answer
We were able to resolve the problem we were having. Not sure if our resolution is specific to us or will help everyone. We had to do a few things.
First (in azure) fill out the user attributes & claims
- givenname - user.givenname
- surname - user.surname
- emailaddress - user.mail
- name - user.userprincipalname
- Unique User Identifier - user.userprincipalname
Next make sure that all users have a first name, last name, and email in the system.
- Legacy User
Cheers - One question Is the Azure(we don't use it) attribute listed first - Looks like I will have to create custom Attributes on the Duo side.
- Legacy User
Looks like the right side is the "source" (Azure?) data. here are a couple of screenshots:
- Legacy User
Ok, so with no thanks to DocuSign support, some thanks to Duo support (at least they would go over things) and many thanks to Nick for pointing me in the correct direction.
Here is the answer for Duo generic SAML
Docusign, your documentation sucks .
- Legacy User
These posts helped guide me to the answer for us. Thanks!
A user encountered this issue and within our AD, his EmailAddress field was null. Update this to the correct value and he could log in.
- Legacy User
Mate you are a legend. I honestly cant say thanks enough! We are moving to DocuSign over to Duo hosted SSO and this one was killing me. DocuSign documentation is shocking! However what you have provided as got me up and running. Again big thanks mate.
- Newcomer
Here is the solution that worked for me to resolve the error, “The response assertion is missing a required attribute.”
Microsoft Entra had a default Name identifier format set to Email address. However, the saml2 response, once decoded, showed that DocuSign expected the format to be Persistent. After changing the Name identifier format to Peristent, the SSO worked.
<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
Sign up
Already have an account? Login
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationDocusign Community
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.