SSO Configuration with new beta version not working

rahul_p
Regular Contributor

Hello Experts,

We are setting up SSO for the first time and we have executed the following steps:

  1. Imported the Azure IDP XML under Identity Provider, and entered the SP Identity ID and Name ID.
  2. Configured the username attribute and sessions under General settings.
  3. Copied the certificate of Azure AD from the XML and prepared the certificate.
  4. Downloaded the default Saviynt certificate.
  5. Created the JKS of type "PKCS12" and added these two certificates (AAD and default Saviynt).
  6. Activated the SSO.

Below is the error we are getting:

[screenshot: rahul_p_1-1689088378889.png]

Please help.

Regards,

Rahul


RakeshMG
Saviynt Employee

Please check that the alias given in all the configurations matches.

Also please validate the URLs configured in the configuration files.

Regards

Rakesh M Goudar

DixshantValecha
Saviynt Employee

Hi @rahul_p 

The error message (AADSTS50011) indicates that the specified reply URL (ECM/saml/SSO/alias/) in the request does not match the configured reply URLs for the application in the Azure portal.
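As an added illustration of the check described in this answer (not code from the original thread or from Saviynt), the script below decodes the SP-initiated SAMLRequest that Saviynt sends to Azure AD over the HTTP-Redirect binding, pulls out the AssertionConsumerServiceURL (the "reply URL" in Azure terms) and the Issuer (the "Identifier"), and compares them with what an admin believes is configured on the Azure enterprise application. The AuthnRequest, host name, alias and the configured reply URL list are all constructed sample values; only the AADSTS50011 symptom and the ECM/saml/SSO/alias/ path come from the thread.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample AuthnRequest; host and alias are placeholders, not real values.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
  ID="_example1" Version="2.0" IssueInstant="2023-07-11T15:00:00Z"
  AssertionConsumerServiceURL="https://tenant.example.com/ECM/saml/SSO/alias/defaultAlias"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://tenant.example.com/ECM/saml/metadata/alias/defaultAlias</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_request(xml_text: str) -> str:
    """Encode an AuthnRequest as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = compressor.compress(xml_text.encode()) + compressor.flush()
    return base64.b64encode(raw).decode()


def decode_redirect_request(saml_request: str) -> str:
    """Reverse of encode_redirect_request: base64, then raw INFLATE (wbits=-15)."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()


def extract_request_fields(xml_text: str) -> dict:
    """Pull the two values Azure AD validates against the app registration."""
    root = ET.fromstring(xml_text)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
    }


def check_reply_url(fields: dict, configured_reply_urls: set, configured_identifier: str) -> list:
    """Exact comparison, plus a hint when the only difference is case or a trailing slash."""
    findings = []
    acs = fields["acs_url"] or ""
    if acs not in configured_reply_urls:
        hint = ""
        for url in configured_reply_urls:
            if url.rstrip("/").lower() == acs.rstrip("/").lower():
                hint = f" (near miss: configured '{url}' differs only in case or trailing slash)"
        findings.append(
            f"reply URL mismatch: request sends '{acs}', "
            f"Azure app has {sorted(configured_reply_urls)}{hint}"
        )
    if fields["issuer"] != configured_identifier:
        findings.append(
            f"identifier mismatch: request Issuer '{fields['issuer']}', "
            f"Azure app Identifier '{configured_identifier}'"
        )
    return findings


def diagnose_redirect(redirect_url: str, configured_reply_urls: set, configured_identifier: str) -> list:
    """Take the full redirect URL (as seen in browser dev tools or Fiddler) and report mismatches."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "SAMLRequest" not in query:
        return ["no SAMLRequest parameter in redirect URL"]
    fields = extract_request_fields(decode_redirect_request(query["SAMLRequest"][0]))
    return check_reply_url(fields, configured_reply_urls, configured_identifier)


if __name__ == "__main__":
    # Constructed redirect; the tenant id segment is a placeholder.
    redirect = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/saml2?" + urlencode(
        {"SAMLRequest": encode_redirect_request(SAMPLE_AUTHN_REQUEST)}
    )
    configured = {"https://tenant.example.com/ECM/saml/SSO/alias/defaultalias/"}
    for finding in diagnose_redirect(
        redirect, configured, "https://tenant.example.com/ECM/saml/metadata/alias/defaultAlias"
    ):
        print(finding)
```

The near-miss hint is what most often explains an AADSTS50011 in practice: the alias differs in case, or one side has a trailing slash. Capture the redirect URL from the browser's network tab before the Azure error page is shown and feed it to diagnose_redirect together with the reply URL list copied from the Azure portal.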

Hello @DixshantValecha @RakeshMG ,

Thank you both for your reply.

We will check and get back to you.

Regards,

Rahul

sowmyashiva
Saviynt Employee

Hi @rahul_p, please make sure that the Entity ID (Identifier) matches what you have provided in the reply URL in Azure AD.

rahul_p
Regular Contributor

Hello @sowmyashiva @DixshantValecha @RakeshMG ,

We did execute the steps mentioned in the Saviynt document, which at a high level are to import the certificates and the IDP XML, but it is not working.

  1. We used the default SP certificate which comes with Saviynt.
  2. We did not change anything under Show Advanced Configurations.
  3. Under Setup IDP, we entered the entityID and URL.
  4. Under the IDP setting we added the name, selected the IDP file and attribute (after clicking Save and opening this setting again, it doesn't show any IDP file selected).
  5. Activated SSO.

Can anybody point here, what went wrong?

Regards,

Rahul

DixshantValecha
Saviynt Employee

Hi,

To troubleshoot this error, you can try the following steps:

  1. Check the validity and consistency of the certificates used by both Azure AD and Saviynt. You can use tools like Fiddler or Charles to inspect the HTTP requests and responses and extract the certificates. You can also use online tools like samltool.com/validate_response.php to validate the SAML response and its signature.
  2. Look for any invalid characters or whitespace in the SAML response that could invalidate the signature. You can use online tools like xmlvalidation.com to check the XML syntax and format.
  3. Check logs and error messages: check the logs on both the IDP and Saviynt side for any error messages or hints about what might be going wrong.
  4. Test with different browsers: sometimes SSO issues can be browser-specific. Try testing with different browsers to see if the problem persists.

I hope this helps you resolve your issue. If you need more assistance, please let us know.

@rahul_p did you compare the reply URL shown in the logs with what is configured in the AAD application? Do they match? If not, then you need to update it in AAD.
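Steps 1 and 2 of the list above (certificate consistency, and stray whitespace or malformed XML in the response) can be checked offline without posting a real assertion to a third-party site. The script below is an added example, not part of the thread or of Saviynt's product: it takes the IdP metadata XML that was imported into Saviynt and a SAML Response captured from the browser, compares the signing certificate fingerprints over the decoded bytes (so PEM line wrapping and indentation do not cause false mismatches), and checks that the signature's Reference URI actually points at the Response or Assertion ID. The metadata, the response and the "certificate" bytes are constructed placeholders, not real Azure AD material.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed placeholder certificate bytes; not real X.509 DER, just stand-ins for comparison.
IDP_CERT_DER = b"CONSTRUCTED-IDP-SIGNING-CERT-0001"
STALE_CERT_DER = b"CONSTRUCTED-OLD-IDP-SIGNING-CERT"


def b64_wrapped(data: bytes, width: int = 64) -> str:
    """Base64 with line breaks, the way metadata files usually carry certificates."""
    text = base64.b64encode(data).decode()
    return "\n".join(text[i:i + width] for i in range(0, len(text), width))


# Constructed IdP metadata in the shape Azure AD exports (entityID is a placeholder tenant).
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{b64_wrapped(IDP_CERT_DER)}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_response(cert_der: bytes, reference_uri: str) -> str:
    """Constructed SAML Response skeleton carrying the given signing cert and Reference URI."""
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}"
    ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="{reference_uri}"/></ds:SignedInfo>
    <ds:SignatureValue>c2lnbmF0dXJlLWJ5dGVz</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(cert_der).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <saml:Assertion ID="_assertion1"/>
</samlp:Response>"""


def certificate_fingerprints(xml_text: str) -> set:
    """SHA-256 of every X509Certificate's decoded bytes; whitespace inside the base64 is ignored."""
    root = ET.fromstring(xml_text)
    fingerprints = set()
    for node in root.iter(f"{{{DS}}}X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()))
        fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def check_response(metadata_xml: str, response_xml: str) -> list:
    """Report well-formedness problems, certificate mismatches and dangling signature references."""
    findings = []
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        return [f"response is not well-formed XML: {exc}"]
    idp_fps = certificate_fingerprints(metadata_xml)
    resp_fps = certificate_fingerprints(response_xml)
    if not resp_fps & idp_fps:
        findings.append(
            f"signing certificate in response {sorted(resp_fps)} is not the one in the IdP metadata "
            f"{sorted(idp_fps)}; re-import the current IdP XML and rebuild the keystore"
        )
    signed_ids = {root.get("ID")} | {a.get("ID") for a in root.iter(f"{{{SAML}}}Assertion")}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#") or uri[1:] not in signed_ids:
            findings.append(f"signature Reference URI '{uri}' does not point at the Response or an Assertion ID")
    return findings


if __name__ == "__main__":
    for finding in check_response(IDP_METADATA, saml_response(STALE_CERT_DER, "#_resp1")):
        print(finding)
```

A fingerprint mismatch with no other finding usually means the certificate in the keystore was copied from an older metadata download than the one Azure AD is currently signing with; a dangling Reference URI or a parse error points at the response having been altered (for example by stray whitespace or an intermediary) rather than at the certificates.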

rahul_p
Regular Contributor

Hello,

Now SSO has started working after updating the reply URL, which was different and had been communicated to us incorrectly.

But now SSO is working only in incognito mode, or only after we clear the browser history.

Any comments?

Regards,

Rahul

DixshantValecha
Saviynt Employee

As for the new issue you're facing, where SSO only works in incognito mode or after clearing the browser history, this behavior might be related to caching or cookies stored in the browser. Here are a few things you can consider and steps you can take to address this:

  1. Browser Cache: Sometimes, browsers can cache certain information, including SSO-related data. This might cause conflicts when trying to authenticate. Try clearing the cache of the browser (not just the history) and then attempt to use SSO again.

  2. Cookies: SSO often relies on cookies to manage authentication sessions. Incorrectly stored or outdated cookies can cause authentication issues. Clear all cookies related to the SSO provider's domain and try again.

  3. Browser Extensions: Some browser extensions or plugins might interfere with SSO functionality. Try disabling any extensions that might affect web interactions and see if the issue persists.