
Troubleshooting Common Issues with SAML/SSO

 

View the log files for in-depth troubleshooting. On-Site Deployment (OSD) customers can view the SAML-related logs in sdlc.log. As of SD Elements version 4.6, SAML logs are written to a separate saml.log file. SaaS customers may need to contact SD Elements support for assistance.

 

Common issues with SAML/SSO

  • SAML is posting to the wrong SP URL
    • The SP URL uses the domain from the Domain Settings page. Make sure this value is correct before you enable SAML.
  • The user is not redirected to the correct Login URL
    • The login URL is heavily cached.
      • SD Elements may need to be restarted in order to complete the change.
    • Ensure the target URL ends in a trailing slash, such as /sso/saml2/acs/
  • "Not for me" error
    • The entity ID may be incorrect.
  • "Missing key" error
    • This may be caused by an entity ID mismatch between the SAML assertion and the IdP metadata.
  • "Can’t use it yet" error
    • System time may be out of sync with the time on the SAML token. Check NTP settings.
  • "Strange beginning of PEM File" error
    • The certificate may be invalid. Verify that it is in Unix format and does not contain DOS (CRLF) line endings. You can also validate it using the following command: openssl x509 -in filename.crt -text -noout
  • "The user is none" or "Could not find saml_user_value" error
    • This may be caused by an unexpected attribute mapping. Verify the value of SAML_ATTRIBUTE_MAPPING in the local_settings.py file.
  • "'NoneType' object has no attribute 'authn_statement'" error
    • This typically indicates that decryption of the encrypted assertion has failed. The IdP may be missing the SP's public encryption key, or may have an incorrect one.
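
The following is an added example, not SD Elements code: a diagnostic that takes a decoded assertion captured from the logs and reports the entity ID and clock problems listed above. It assumes the "Not for me" and "Can't use it yet" errors correspond to the assertion's Audience and NotBefore conditions; the function names, URLs and sample assertion are constructed for illustration, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, values invented for illustration).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sde.example.com/sso/saml2/metadata/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def diagnose(assertion_xml, sp_entity_id, now, skew=timedelta(0)):
    """Return findings explaining why an SP would reject this assertion."""
    root = ET.fromstring(assertion_xml)
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element found (assertion may still be encrypted)"]
    findings = []
    audiences = [a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text]
    if audiences and sp_entity_id not in audiences:  # exact string match, slash included
        findings.append(f"audience mismatch: SP is {sp_entity_id!r}, assertion allows {audiences}")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < _ts(nb):
        findings.append(f"not yet valid: SP clock is {(_ts(nb) - now).total_seconds():.0f}s behind NotBefore")
    if noa and now - skew >= _ts(noa):
        findings.append(f"expired: SP clock is {(now - _ts(noa)).total_seconds():.0f}s past NotOnOrAfter")
    return findings


if __name__ == "__main__":
    # SP clock 30 seconds slow and entity ID missing its trailing slash.
    sp_now = datetime(2024, 1, 1, 11, 59, 30, tzinfo=timezone.utc)
    for finding in diagnose(SAMPLE, "https://sde.example.com/sso/saml2/metadata", sp_now):
        print(finding)
```

Pass the server's own clock reading as `now` to see how far it has drifted from the IdP's timestamps before adjusting NTP.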

 

 

Using the name ID as the username

Some SAML providers will only return a name ID. To configure the application to use the name ID as the username, set the following value in the local_settings.py file: SAML_USE_NAME_ID_AS_USERNAME = True. For SaaS users, contact support@sdelements.com to make the change.

For further reference, please see the following documents:
