This section includes troubleshooting topics about single sign-on (SSO) issues.

Similar documents
CLI users are not listed on the Cisco Prime Collaboration User Management page.

CLI users are not listed on the Cisco Prime Collaboration User Management page.

SAML-Based SSO Solution

SAML-Based SSO Solution

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

Manage SAML Single Sign-On

Unity Connection Version 10.5 SAML SSO Configuration Example

Cisco WebEx Meetings Server Troubleshooting Guide for Version 2.5

Troubleshooting Guide for Cisco WebEx Meetings Server Release 3.0

Troubleshooting Guide for Cisco WebEx Meetings Server Release 2.7

Configuration Guide - Single-Sign On for OneDesk

Unified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration

esignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5

ADFS Setup (SAML Authentication)

Configuring Alfresco Cloud with ADFS 3.0

Five9 Plus Adapter for Agent Desktop Toolkit

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

Setting Up the Server

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Cisco WebEx Meetings Server Troubleshooting Guide Release 1.5

SAML-Based SSO Configuration

ComponentSpace SAML v2.0 Okta Integration Guide

Welcome to Oracle Service Cloud Ask the Experts

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

Installation and Deployment

RSA SecurID Access SAML Configuration for Datadog

MyWorkDrive SAML v2.0 Okta Integration Guide

Microsoft ADFS Configuration

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Add OKTA as an Identity Provider in EAA

Morningstar ByAllAccounts SAML Connectivity Guide

Five9 Plus Adapter for Microsoft Dynamics CRM

DocuSign Single Sign On Implementation Guide Published: June 8, 2016

RSA SecurID Access SAML Configuration for Kanban Tool

April Understanding Federated Single Sign-On (SSO) Process

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Upland Qvidian Proposal Automation Single Sign-on Administrator's Guide

Configure Single Sign-On using CUCM and AD FS 2.0 (Windows Server 2008 R2)

CA SiteMinder Federation

All about SAML End-to-end Tableau and OKTA integration

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Quick Connection Guide

WebEx Connector. Version 2.0. User Guide

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Qualys SAML & Microsoft Active Directory Federation Services Integration

Administering Jive Mobile Apps for ios and Android

SAML-Based SSO Configuration

Enabling Single Sign-On Using Okta in Axon Data Governance 5.4

SAML 2.0 SSO. Set up SAML 2.0 SSO. SAML 2.0 Terminology. Prerequisites

Single Sign-On (SSO)Technical Specification

ComponentSpace SAML v2.0 Developer Guide

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

Install and Configure the F5 Identity Provider (IdP) for Cisco Identity Service (IdS) to enable SSO

Quick Start Guide for SAML SSO Access

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Google Apps Integration

RSA SecurID Access SAML Configuration for StatusPage

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RECOMMENDED DEPLOYMENT PRACTICES. The F5 and Okta Solution for High Security SSO

SafeNet Authentication Manager

IBM Security Access Manager Single Sign-on with Federation

Integrating the YuJa Enterprise Video Platform with ADFS (SAML)

McAfee Cloud Identity Manager

TECHNICAL GUIDE SSO SAML. At 360Learning, we don t make promises about technical solutions, we make commitments.

CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Quick Start Guide for SAML SSO Access

1Y Citrix. Designing Deploying and Managing Citrix XenMobile 10 Enterprise Solutions

Integrating YuJa Active Learning into Google Apps via SAML

Oracle Utilities Opower Solution Extension Partner SSO

Google SAML Integration

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Sign in and Meeting Issues

Setting Up Resources in VMware Identity Manager

User Management. Jabber IDs

VMware Identity Manager Administration

Integrating YuJa Active Learning with ADFS (SAML)

SAML Authentication with Pulse Connect Secure and Pulse Secure Virtual Traffic Manager

CA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5

CA SiteMinder. Federation Release Notes 12.52

Slack Cloud App SSO. Configuration Guide. Product Release Document Revisions Published Date

Configuring ServiceNow

Version 7.x. Quick-Start Guide

Single Sign-On Administrator Guide

Integrating YuJa Active Learning into ADFS via SAML

Configuring Microsoft ADFS for Oracle Fusion Expenses Mobile Single Sign-On

This documentation will go over how to install Sharepoint for configuring with Panopto.

Community Manager Guide: Jive Jabber Add-on

Configuring Single Sign-on from the VMware Identity Manager Service to Marketo

RSA SecurID Access SAML Configuration for Samanage

Single Sign-On Administrator Guide

Table of Contents. Single Sign On 1

Cloud Secure Integration with ADFS. Deployment Guide

Troubleshooting. Participants List Displays Multiple Entries for the Same User

Configuration Tab. Cisco WebEx Messenger Administration Guide 1

TECHNICAL GUIDE SSO SAML Azure AD

Configure Unsanctioned Device Access Control

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

Monitor System Status

MyWorkDrive SAML v2.0 Azure AD Integration Guide

Transcription:

This section includes troubleshooting topics about single sign-on (SSO) issues. SSO Fails After Completing Disaster Recovery Operation, page 1 SSO Protocol Error, page 1 SSO Redirection Has Failed, page 2 SSO Error Codes, page 4 SSO Does Not Work with ios Devices, page 5 SSO Carriage Return Failure, page 5 SSO Fails After Completing Disaster Recovery Operation Problem When a user completes a disaster recovery operation, SSO fails due to expired certificates. Possible Cause Existing SSO certificates were installed before the application was installed. Solution Reinstall SSO certificates after completing Disaster Recovery Operation. After you perform your restoration on the disaster recovery system, sign in to the Administration site and select Settings > Security > Certificate > SSL Certificate > Generate CSR.Under More Options, select Download CSR to download the generated CSR. Use the CSR to obtain a new SSL Certificate. Refer to the "Generating SSL Certificates" section of the Administration Guide for more information. Import your new SSL certificate by selecting Settings > Security > Certificate > More Options (Import SSL Certificate). Import the same SSL certificate into your ADFS (Active Directory Federation Service) for the site URL's relay party. SSO Protocol Error Problem You receive the error message, "SSO protocol error. Contact your administrator for further " Possible Cause Your SSO administration site or IdP configuration contains errors. Possible Cause SSO is not enabled. Possible Cause Some or all of the required IdP attributes are not configured: firstname, lastname, email. 1

SSO Redirection Has Failed Possible Cause The NameID parameter of your SAML is not set to email. Possible Cause The Active Directory Federation Services (ADFS) Token-Signing certificate has expired and should be updated. Solution If one of the above conditions might be the cause: Verify that the required IdP attributes are configured. Verify that the following IdP attributes are set to the user email address: uid, SAML_SUBJECT Export a Primary Token-signing certificate from ADFS Server > ADFS Management Console > Service > Certificate and upload it to the CWMS SSO certificate. If you are unable to determine the cause of your SSO protocol error, generate a log and contact the TAC for further assistance. SSO Redirection Has Failed Problem A user attempts to sign in and receives a "SSO Redirection Failed" message. The user is directed to an administrator for help. Possible Cause An IdP attribute value in the user account has violated account regulations. The following error messages can appear as a result of this problem: Possible Cause SSO protocol error. Contact your administrator for further See SSO Protocol Error, on page 1 for more information. Possible Cause No user account found in the system. Contact your administrator for further Possible Cause No X.509 certificate found in the system. Contact your administrator for further Possible Cause X.509 certificate has expired. Contact your administrator for further Possible Cause User account is locked. Contact your administrator for further Possible Cause User account is expired. Contact your administrator for further Possible Cause User account has been deactivated. Contact your administrator for further Possible Cause SAML assertion is expired. Contact your administrator for further Possible Cause Invalid Response message. Contact your administrator for further Possible Cause Auto Account Creation failed. Contact your administrator for further See Auto Account Creation or Auto Account Update Has Failed for more information. Possible Cause Auto Account Update failed. Contact your administrator for further See Auto Account Creation or Auto Account Update Has Failed for more information. Possible Cause SSO protocol error. Contact your administrator for further Possible Cause No user name found in SAML assertion. Contact your administrator for further Possible Cause Only POST request is supported. Contact your administrator for further 2

SSO Redirection Has Failed Possible Cause Incorrect SAML SSO POST data. Contact your administrator for further Possible Cause A Cisco WebEx Meetings Server certificate has not been imported into the SAML IdP. Possible Cause The site is not allowed to use SSO. Contact your administrator for further Possible Cause Incorrect X.509 certificate to validate SAML assertion. Contact your administrator for further See Incorrect X.509 Certificate to Validate SAML Assertion for more information. Possible Cause Loading configuration error. Contact your administrator for further Possible Cause The value of NameQualifier does not match site URL. Contact your administrator for further Possible Cause Unable to reach Assertion Party. Contact your administrator for further Possible Cause Failed to resolve SAML Artifact. Contact your administrator for further Possible Cause Invalid SAML Assertion. Contact your administrator for further Possible Cause Recipient does not match webex.com. Contact your administrator for further Possible Cause SAML assertion is unsigned. Contact your administrator for further Possible Cause User role is not allowed to login. Contact your administrator for further Possible Cause Invalid RequestedSecurityToken. Contact your administrator for further Possible Cause Invalid digital signature. Contact your administrator for further Possible Cause Untrusted Issuer. Contact your administrator for further Possible Cause Name Identifier format is incorrect. Contact your administrator for further Possible Cause Unable to generate AuthnRequest. Contact your administrator for further Possible Cause Unable to generate Logout Request. Contact your administrator for further Possible Cause InResponseTo does not match the request ID. Contact your administrator for further Possible Cause Invalid Request message. Contact your administrator for further Possible Cause Auto Account Creation failed. Contact your administrator for further Possible Cause Auto Account Update failed. Contact your administrator for further Possible Cause Update user privilege failed or user is not allowed to update user privilege. Contact your administrator for further Solution Examine your URL API to determine which account values are causing the failure. Refer to the "Setting and Changing SSO URL API Parameters" section in the Cisco WebEx Meeting Server Planning Guide at http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/ products-installation-and-configuration-guides-list.html for more information. 3

SSO Error Codes SSO Error Codes The following table lists the SSO error codes. Error Description SSO protocol error No user name found in SAML assertion No user account found in the system No X.509 certificate found in the system Only POST request is supported Incorrect SAML SSO POST data The site is not allowed to use SSO Incorrect X.509 certificate to validate SAML assertion Loading configuration error The value of NameQualifier does not match site URL Unable to reach Assertion Party Failed to resolve SAML Artifact Invalid SAML assertion Recipient does not match webex.com X.509 certificate has expired User account is locked User account is expired User account has been deactivated SAML assertion is expired SAML assertion is unsigned User role is not allowed to login Invalid RequestedSecurityToken Invalid digital signature Untrusted Issuer Name Identifier format is incorrect Unable to generate AuthnRequest Unable to generate Logout Request InResponseTo does not match the request ID Error Code 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 4

SSO Does Not Work with ios Devices Error Description Invalid Response message Invalid Request message Auto Account Creation failed Auto Account Update failed Error Code 29 30 31 32 SSO Does Not Work with ios Devices Problem is not working with your ios device. Possible Cause There is a known issue with Apple ios 6.x, where (SSO) does not work for internal users of ipad/iphone who are using the Safari 6 web browser. This is due to an Apple defect that is fixed in ios 7. The Safari bug ID is 13484525. Solution Use a different web browser. See the "Operating System and Browser Requirements" section of the Cisco WebEx Meetings Server Planning Guide and System Requirements for a list of supported browsers on the Mac operating system. SSO Carriage Return Failure Problem The Security Assertion Markup Language (SAML) response with a carriage return is not supported. Possible Cause If the SAML response has a carriage return in any of the fields, then the auto update account creation authentication fails. Although the SAML provider calculates the digital signature with the carriage return, Cisco WebEx Meetings Server (CWMS) removes the carriage return causing the digital signature to be invalid. Solution Remove the carriage return from all fields. 5

SSO Carriage Return Failure 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback