I just went through setting up SAML SSO with honeycomb.io and thought I would help the next person a bit. JumpCloud doesn't have a pre-built SSO application for honeycomb.io so you have to use a custom SAML app. Even with this the initial configuration was pretty simple; honeycomb.io imports a JumpCloud metadata URL and provides the necessary information in a easy to access format. In fact, I had IdP initiated logins working almost immediately. Wonderful!
The problem was that SP initiated logins were failing with an "Invalid SAML Assertion" message in honeycomb.io. It turns out that JumpCloud doesn't sign authentication requests in custom SAML SSO application configurations. Since I had used the "Use Metadata URL instead" function in the honeycomb.io configuration dialog box the "Identity Provider Wants Signed Authentication Requests" was automatically checked. Unchecking this box resolved the problem and now I can log in to honeycomb.io from both JumpCloud and a direct honeycomb.io link. WooHoo! 😊
