Changes

Single Sign-On

65 bytes added, 18:33, 6 January 2023
Troubleshooting
In order to retrieve information about why SSO is failing, first toggle the "Debug Mode" option within the SSO configuration in SmartSimple, and then test the SSO in order to generate log data within the Configuration Error Log.
* '''SAML failed. No user account found''' 
: This means that a corresponding active user was not found in the SmartSimple instance. Check the [Unique Identifier Field] that is configured in the SSO setting, and then compare the value of the "NameID" node sent within the SAML assertion to see if a user with that field value exists in SmartSimple. Check that the user is activated and allows login.
* '''SAML failed. Login session is null''' 
: Check that a matching user account exists.
: Check the x509 certificate.
: Verify that the endpoint in the SSO assertion is correct. There should be a Response node with a parameter like Destination="https://alias.smartsimple.com/SAML2/"
* '''SAML signature validation failed'''
: This means that the x509 certificate does not match between the SAML Assertion and the value configured in the instance SSO settings.
* '''SAML response expired'''
: Check the datetime values of the parameters named ''NotAfter'' and ''NotBefore'' within the SAML Assertion and compare these with the expected datetime that the assertion was sent. It is possible to adjust the '''Timestamp Time Zone''' dropdown setting.
* '''Invalid response format. Unparseable date'''
: Check that the SAML Assertion contains both parameters: ''NotAfter'' and ''NotBefore''.
* '''SAML processing error''' 
: Check that the value for the ''SSO Alias'' is "SAML2" for SSO in a production instance.
: If it is for a Multi Environment, the value in the ''SSO Alias'' should be the value in the attribute ''SSOModule''.
* '''No log file is found in SmartSimple'''
: Verify the parameter: Destination="https://alias.smartsimple.com/SAML2/" from the SSO Assertion.
: Check that the value for the ''SSO Alias'' is "SAML2" for SSO in a production instance.
: If it is for a Multi Environment, the value in the ''SSO Alias'' should be the value in the attribute ''SSOModule''.
* '''After logging in through SSO, you are redirected to "mesagetype=30"'''
: Verify that the alias of the instance is correct. To verify the alias, go to Waffle → Global Settings → Branding → Web Alias. Make sure that the Web Alias value is the same as the domain alias.
* '''SAML InReponseTo does not match any of the possible Request IDs'''
: Verify the alias of the instance is correct.
: Verify that the SSO configurations for multiple environments do not have a duplicate MES Environment Identifier.
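Several of the checks above can be run offline against a captured, base64-decoded SAML Response before looking at the Configuration Error Log. The following is an added example, not SmartSimple code: the names <code>diagnose</code> and <code>parse_ts</code> and the sample response are constructed for illustration, and it assumes that the page's ''NotAfter'' corresponds to the SAML 2.0 <code>NotOnOrAfter</code> attribute on the Conditions node.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2023-01-06T18:33:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(xml_text, destination, configured_cert, now):
    """Return (name_id, findings) for a decoded SAML Response; no signature check."""
    root = ET.fromstring(xml_text)
    findings = []
    # "Login session is null" / "No log file is found": wrong endpoint
    if root.get("Destination") != destination:
        findings.append("Destination mismatch: %r" % root.get("Destination"))
    # "No user account found": this value must match the Unique Identifier Field
    name_id = (root.findtext(".//saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    if not name_id:
        findings.append("NameID missing: no user can be matched")
    # "Unparseable date" / "SAML response expired"
    cond = root.find(".//saml:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    na = cond.get("NotOnOrAfter") if cond is not None else None
    if not nb or not na:
        findings.append("validity attribute missing: unparseable date")
    elif not parse_ts(nb) <= now < parse_ts(na):
        findings.append("outside %s .. %s: response expired" % (nb, na))
    # "SAML signature validation failed": certificate differs from configuration
    cert = root.findtext(".//ds:X509Certificate", namespaces=NS) or ""
    if "".join(cert.split()) != "".join(configured_cert.split()):
        findings.append("x509 certificate differs from configured value")
    return name_id, findings

# Constructed sample response (not captured from a real identity provider)
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://alias.smartsimple.com/SAML2/"><saml:Assertion>
 <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>Q09OU1RSVUNURUQ=
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
 <saml:Subject><saml:NameID>jane.doe@example.org</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2023-01-06T18:30:00Z" NotOnOrAfter="2023-01-06T18:35:00Z"/>
</saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    now = datetime(2023, 1, 6, 18, 33, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, "https://alias.smartsimple.com/SAML2/", "Q09OU1RSVUNURUQ=", now))
```

This only compares fields and does not validate the XML signature. Run it on responses captured from your own identity provider, since the standard-library XML parser is not hardened against hostile input.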
Smartstaff
1,385
edits