This section includes troubleshooting topics about single sign-on (SSO) issues.



Similar documents
SAML Single-Sign-On (SSO)

This section includes troubleshooting topics about certificates.

SAML-Based SSO Solution

SAML-Based SSO Solution

Single Sign-on. Overview. Using SSO with the Cisco WebEx and Cisco WebEx Meeting. Overview, page 1

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:

SAML SSO Configuration

Zendesk SSO with Cloud Secure using MobileIron MDM Server and Okta

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Cisco WebEx Meetings Server Troubleshooting Guide Release 1.1

dotmailer for Salesforce Installation Guide Winter 2015 Version

Egnyte Single Sign-On (SSO) Installation for OneLogin

SalesForce SSO with Active Directory Federated Services (ADFS) v2.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Agenda. How to configure

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

Active Directory Federation Services

Getting Started with AD/LDAP SSO

Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow

SAP Cloud Identity Service Document Version: SAP Cloud Identity Service

Using SAML for Single Sign-On in the SOA Software Platform

Add Microsoft Azure as the Federated Authenticator in WSO2 Identity Server

SSO Plugin. Case study: Integrating with Ping Federate. J System Solutions. Version 4.0

Providing Single Signon (SSO) with Enterprise Identity Services and Directory Integration

National Identity Exchange Federation. Web Browser User-to-System Profile. Version 1.0

Configuring. SuccessFactors. Chapter 67

Configuring SuccessFactors

T his feature is add-on service available to Enterprise accounts.

To set up Egnyte so employees can log in using SSO, follow the steps below to configure VMware Horizon and Egnyte to work with each other.

Authentication Methods

ShareFile Security Overview

Enabling Single Sign- On for Common Identity using F5

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

User Guide. The AMF's File Transfer Service (FTS)

McAfee Cloud Identity Manager

Fairsail. Implementer. Single Sign-On with Fairsail and Microsoft Active Directory Federation Services 2.0. Version 1.92 FS-SSO-XXX-IG R001.

Security Assertion Markup Language (SAML) Site Manager Setup

Single Sign On (SSO) Implementation Manual. For Connect 5 & MyConnect Sites

DocuSign Information Guide. Single Sign On Functionality. Overview. Table of Contents

IMPLEMENTING SINGLE SIGN- ON USING SAML 2.0 ON JUNIPER NETWORKS MAG SERIES JUNOS PULSE GATEWAYS

Set Up Certificate Validation

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Joining a Meeting. Before You Join a Meeting

DocuSign Single Sign On Implementation Guide Published: March 17, 2016

Single Sign-On Implementation Guide

Copyright: WhosOnLocation Limited

ADFS Integration Guidelines

VMware Identity Manager Administration

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

DEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity

OIOSAML 2.0 Toolkits Test results May 2009

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Egnyte Single Sign-On (SSO) Installation for Okta

The increasing popularity of mobile devices is rapidly changing how and where we

Cisco AnyConnect VPN Client Installation Guide for Single Factor Authentication: Windows

SAML Security Option White Paper

Operating Level Agreement for NYU Login Service

McAfee Cloud Identity Manager

Configuring Single Sign-on from the VMware Identity Manager Service to AirWatch Applications

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Web Based Single Sign-On and Access Control

How To Use Saml 2.0 Single Sign On With Qualysguard

How to create a SP and a IDP which are visible across tenant space via Config files in IS

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

Portal Recipient Guide

Implementation Guide SAP NetWeaver Identity Management Identity Provider

OpenLogin: PTA, SAML, and OAuth/OpenID

Configuring Salesforce

CUNY TUMBLEWEED (SECURE TRANSPORT) USER GUIDE

How To Sync Google Drive On A Mac Computer With A Gmail Account On A Gcd (For A Student) On A Pc Or Mac Or Mac (For An Older Person) On An Ipad Or Ipad (For Older People) On

AVG Business SSO Partner Getting Started Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide

CA Nimsoft Service Desk

SAML 2.0 Configurations at SAP NetWeaver AS ABAP and Microsoft ADFS

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

IAM Application Integration Guide

Connected Data. Connected Data requirements for SSO

Microsoft Office 365 Using SAML Integration Guide

Adding Single Sign-On to CloudPassage Halo

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

FAQ: troubleshooting Java for Saba Web Access

Perceptive Experience Single Sign-On Solutions

2 Downloading Access Manager 3.1 SP4 IR1

HP Software as a Service

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network.

Sophos Mobile Control SaaS startup guide. Product version: 6

How to Obtain an APNs Certificate for CA MDM

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

For details for obtaining this later version; see the Known issues & Limitations, section at the end of this document.

OneLogin Integration User Guide

Configuring. Moodle. Chapter 82

INUVIKA OPEN VIRTUAL DESKTOP ENTERPRISE

NOTE: New directions for accessing the Parent Portal using Single Sign On

CA SiteMinder. Federation Security Services Release Notes. r12.0 SP3

SAML single sign-on configuration overview

Automated Testing of SAML 2.0 Service Providers. Andreas Åkre Solberg UNINETT

Single Sign On for ShareFile with NetScaler. Deployment Guide

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

Transcription:

This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page 2 SSO Error Codes, page 3 SSO Does Not Work with ios Devices, page 5 SSO Fails After Completing Disaster Recovery Operation Problem When a user completes a disaster recovery operation, SSO fails due to expired certificates. Possible Cause Existing SSO certificates were installed before the application was installed. Solution Reinstall SSO certificates after completing Disaster Recovery Operation. After you perform your restoration on the disaster recovery system, sign in to the Administration site and select Settings > Security > Certificate > SSL Certificate > Generate CSR.Under More Options, select Download CSR to download the generated CSR. Use the CSR to obtain a new SSL Certificate. Refer to the "Generating SSL Certificates" section of the Administration Guide for more information. Import your new SSL certificate by selecting Settings > Security > Certificate > More Options (Import SSL Certificate). Import the same SSL certificate into your ADFS (Active Directory Federation Service) for the site URL's relay party. SSO Protocol Error Problem You receive the error message, "SSO protocol error. Contact your administrator for further " Possible Cause Your SSO administration site or IdP configuration contains errors. Possible Cause SSO is not enabled. Possible Cause Some or all of the required IdP attributes are not configured: firstname, lastname, email. Possible Cause The NameID parameter of your SAML is not set to email. 1

SSO Redirection Has Failed Solution If you are unable to determine the cause of your SSO protocol error, generate a log and contact the Cisco TAC for further assistance. If you believe the cause is one of the above, make sure the required IdP attributes are configured and make sure the following IdP attributes are set to the user's email address: uid, SAML_SUBJECT.. SSO Redirection Has Failed Problem A user attempts to sign in and receives a "SSO Redirection Failed" message. The user is directed to an administrator for help. Possible Cause An IdP attribute value in the user's account has violated account regulations. The following error messages can appear as a result of this problem: Possible Cause SSO protocol error. Contact your administrator for further See SSO Protocol Error, on page 1 for more information. Possible Cause No user account found in the system. Contact your administrator for further Possible Cause No X.509 certificate found in the system. Contact your administrator for further Possible Cause X.509 certificate has expired. Contact your administrator for further Possible Cause User account is locked. Contact your administrator for further Possible Cause User account is expired. Contact your administrator for further Possible Cause User account has been deactivated. Contact your administrator for further Possible Cause SAML assertion is expired. Contact your administrator for further Possible Cause Invalid Response message. Contact your administrator for further Possible Cause Auto Account Creation failed. Contact your administrator for further See Auto Account Creation or Auto Account Update Has Failed for more information. Possible Cause Auto Account Update failed. Contact your administrator for further See Auto Account Creation or Auto Account Update Has Failed for more information. Possible Cause SSO protocol error. Contact your administrator for further Possible Cause No user name found in SAML assertion. Contact your administrator for further Possible Cause Only POST request is supported. Contact your administrator for further Possible Cause Incorrect SAML SSO POST data. Contact your administrator for further Possible Cause A Cisco WebEx Meetings Server certificate has not been imported into the SAML IdP. Possible Cause The site is not allowed to use SSO. Contact your administrator for further Possible Cause Incorrect X.509 certificate to validate SAML assertion. Contact your administrator for further See Incorrect X.509 Certificate to Validate SAML Assertion for more information. 2

SSO Error Codes Possible Cause Loading configuration error. Contact your administrator for further Possible Cause The value of NameQualifier does not match site URL. Contact your administrator for further Possible Cause Unable to reach Assertion Party. Contact your administrator for further Possible Cause Failed to resolve SAML Artifact. Contact your administrator for further Possible Cause Invalid SAML Assertion. Contact your administrator for further Possible Cause Recipient does not match webex.com. Contact your administrator for further Possible Cause SAML assertion is unsigned. Contact your administrator for further Possible Cause User role is not allowed to login. Contact your administrator for further Possible Cause Invalid RequestedSecurityToken. Contact your administrator for further Possible Cause Invalid digital signature. Contact your administrator for further Possible Cause Untrusted Issuer. Contact your administrator for further Possible Cause Name Identifier format is incorrect. Contact your administrator for further Possible Cause Unable to generate AuthnRequest. Contact your administrator for further Possible Cause Unable to generate Logout Request. Contact your administrator for further Possible Cause InResponseTo does not match the request ID. Contact your administrator for further Possible Cause Invalid Request message. Contact your administrator for further Possible Cause Auto Account Creation failed. Contact your administrator for further Possible Cause Auto Account Update failed. Contact your administrator for further Possible Cause Update user privilege failed or user is not allowed to update user privilege. Contact your administrator for further Solution Examine your URL API to determine which account values are causing the failure. Refer to the "Setting and Changing SSO URL API Parameters" section in the Planning Guide for more information. SSO Error Codes The following table lists the SSO error codes. Error Description SSO protocol error No user name found in SAML assertion No user account found in the system No X.509 certificate found in the system Error Code 1 2 3 4 3

SSO Error Codes Error Description Only POST request is supported Incorrect SAML SSO POST data The site is not allowed to use SSO Incorrect X.509 certificate to validate SAML assertion Loading configuration error The value of NameQualifier does not match site URL Unable to reach Assertion Party Failed to resolve SAML Artifact Invalid SAML assertion Recipient does not match webex.com X.509 certificate has expired User account is locked User account is expired User account has been deactivated SAML assertion is expired SAML assertion is unsigned User role is not allowed to login Invalid RequestedSecurityToken Invalid digital signature Untrusted Issuer Name Identifier format is incorrect Unable to generate AuthnRequest Unable to generate Logout Request InResponseTo does not match the request ID Invalid Response message Invalid Request message Auto Account Creation failed Auto Account Update failed Error Code 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 4

SSO Does Not Work with ios Devices SSO Does Not Work with ios Devices Problem is not working with your ios device. Possible Cause There is a known issue with Apple ios 6.x, where (SSO) does not work for internal users of ipad/iphone who are using the Safari 6 web browser. This is due to an Apple defect that is fixed in ios 7. The Safari bug ID is 13484525. Solution Use a different web browser. This release of Cisco WebEx Meetings Server has been tested to work with Firefox 10-25 and Chrome 23-31 on the Mac operating system. 5

SSO Does Not Work with ios Devices 6