This exception pops up when we try to test the SSO connection from the IDP record on the instance. Name id attribute value in the SAML response is all good but still to some reasons we get a blank navpage.do after the IDP authentication when trying to access the instance URL or test SSO connection from IDP record.
Release or Environment
The name id attribute on the IDP record under advanced tab on the instance is populated with "Auth context ref class method value" ie urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport which is an invalid configuration
The issue is with the name id attribute populated with incorrect value on the IDP record. Reconfigure the value of this field to blank will fix the issue. It is due to this reason, instance is not able to identify the name id attribute value from the SAML response and an exception is thrown.