SAML Authentication in CRM Developer Sandbox

SAML Authentication in CRM Developer Sandbox

I have been attempting to get a connected application working with SAML authentication. I was able to get SAML authentication working fine when I published my application and installed it in a CRM free trial account, but as a developer I would like to be able to use the "Test your Extension" sandbox to test SAML authentication without having to publish development work. This does not seem to function.

Currently, I have a Web Tab defined in my extension which contains my externally-hosted connected application. When clicking the Web Tab from the sandbox, the application launches and redirects to the samlGlogin page with the various query parameters. That page simply returns a HTTP 401 with no content. Not a great help there.

Previously (under another account), I had my app published and installed in CRM free trial. This worked for my production URL. If the extension was installed in the free trial CRM, the sandbox samlGlogin page would load a page with the message "AssertionConsumerServiceURL (ACS URL) in SAML request not Conforming to the one in the installed Connected App." If the extension was not installed in the free trial CRM account, the samlGlogin page would respond with a HTTP 404 error.

Has anybody been able to get this working? Or is it just a broken feature? The documents seem to indicate it should work and that the connected applications provide both a sandbox and production URL is also a sign this was intended to function. Cheers.

--

 - Aaron