What does "Invalid SAML assertion in security header" mean?


If a profile doesn't have Session Authentication checked and an add-in tries to make a SOAP request (using a connection prepared with session authentication), an error reading "Invalid SAML assertion in security header" will be shown and the request will fail.

To fix this, go to the Permissions tab on the profile in question and check the "Session Authentication" checkbox in the Public SOAP API section.

