
SAML SSO not working

println-titan
New Contributor III

Hi all,

We have configured SAML SSO and have completed these steps:
- Uploaded Keystore file
- Uploaded SP file
- Uploaded IDP file
- Updated AuthenticationConfig.groovy
- Restarted Application Server

Based on my understanding, if SSO is working, when I access the ECM URL it should redirect me to the IdP for authentication. But when I access the ECM URL, it is still showing the EIC login page.

What are the next steps I can take to troubleshoot this? 

Appreciate any help, thank you!


RakeshMG
Saviynt Employee

Please validate whether

grails.plugin.springsecurity.ldap.active=true

in AuthenticationConfig.groovy is enabled or not.

Regards

Rakesh M Goudar

Hi @RakeshMG ,

Do we need to enable ldap for SAML SSO to work? We have configured SAML active as true: grails.plugin.springsecurity.saml.active=true

We have followed the same as suggested by Suman on this post:
https://forums.saviynt.com/t5/identity-governance/saml-sso-configuration-question/m-p/33121

Only difference is for the metadata providers we have provided as such: grails.plugin.springsecurity.saml.metadata.providers = [AzureAD:'idp_idp.xml']
Just want to confirm: is the metadata provider name for the IdP case sensitive?

Thank you!

RakeshMG
Saviynt Employee

Yes, it is case sensitive.

Regards

Rakesh M Goudar

Hi @RakeshMG ,

Thanks for the reply, I have checked through the configurations and everything seems right:

grails.plugin.springsecurity.saml.active=true
grails.plugin.springsecurity.saml.metadata.sp.file = 'sp_sp.xml'
grails.plugin.springsecurity.saml.metadata.defaultIdp = 'https://sts.windows.net/xxxxxx/'
grails.plugin.springsecurity.saml.metadata.providers = [spsigned:'idp_idp.xml']
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/saviynt_shared/security/SAML/sp.keystore.jks'
grails.plugin.springsecurity.saml.keyManager.storePass = 'xxxxxx'
grails.plugin.springsecurity.saml.keyManager.passwords = [ spsigned: 'xxxxxx' ]
grails.plugin.springsecurity.saml.keyManager.defaultKey = 'spsigned'
grails.plugin.springsecurity.saml.metadata.sp.defaults = [
    securityProfile: 'metaiop',
    local: true,
    alias: 'SaviyntSP', // Entity ID in sp_sp.xml
    signingKey: 'spsigned',
    encryptionKey: 'spsigned',
    tlsKey: 'spsigned',
    requireArtifactResolveSigned: false,
    requireLogoutRequestSigned: false,
    requireLogoutResponseSigned: false,
    idpDiscoveryEnabled: true]

After restarting, I'm not redirected to the IdP for SSO authentication. Are there any logs I can check to debug this? Appreciate the help!

RakeshMG
Saviynt Employee

Please check SAML logs.

Regards

Rakesh M Goudar

SumanPatra
Saviynt Employee

Is the keystore file extension correct? As mentioned in the file, it looks to be incorrect.

grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/saviynt_shared/security/SAML/sp.keystore.jks' 

Thanks @SumanPatra !
That solved the issue, we updated to the below keystore path and it works.
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/saviynt_shared/security/SAML/sp.keystore'
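
The mismatch that resolved this thread (the config named sp.keystore.jks while the uploaded file was sp.keystore) can be caught before a restart. The following is an added example, not part of the thread and not Saviynt code; the function names are hypothetical, it assumes the `file:` value maps directly to a local path, and it only reads single-line settings.

```python
import os, re, tempfile

PREFIX = "grails.plugin.springsecurity.saml."  # setting prefix used in the thread

def parse_saml_settings(text):
    """Collect single-line SAML settings as {short_key: unquoted_value}."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX) and "=" in line:
            key, value = line[len(PREFIX):].split("=", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def check_config(text):
    """Return a list of configuration problems (empty list means none found)."""
    s = parse_saml_settings(text)
    problems = []
    if s.get("active") != "true":
        problems.append("saml.active is not true")
    store = s.get("keyManager.storeFile", "")
    # Assumption: 'file:/a/b' refers to the local path '/a/b'.
    path = store[len("file:"):] if store.startswith("file:") else store
    if not os.path.isfile(path):
        problems.append("keystore file not found: " + path)
    # Aliases are the map keys; drop the quoted passwords before matching.
    passwords = re.sub(r"'[^']*'", "", s.get("keyManager.passwords", ""))
    aliases = re.findall(r"(\w+)\s*:", passwords)
    default_key = s.get("keyManager.defaultKey", "")
    if default_key not in aliases:
        problems.append("defaultKey %r missing from keyManager.passwords" % default_key)
    return problems

def demo():
    """Constructed sample: the file on disk is named sp.keystore, as in the thread."""
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "sp.keystore"), "wb").close()
        template = "\n".join([
            PREFIX + "active=true",
            PREFIX + "keyManager.storeFile = 'file:%s/%s'",
            PREFIX + "keyManager.passwords = [ spsigned: 'xxxxxx' ]",
            PREFIX + "keyManager.defaultKey = 'spsigned'",
        ])
        before = check_config(template % (d, "sp.keystore.jks"))
        after = check_config(template % (d, "sp.keystore"))
    return before, after

if __name__ == "__main__":
    print(demo())
```

To use it on a real system, pass the contents of AuthenticationConfig.groovy to `check_config` on the application server itself, so the path check runs against the same filesystem.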