
IdP-Specific SAML SSO Issues

Overview

While configuring Security Assertion Markup Language (SAML) based Single Sign-On (SSO), some problems and workarounds apply to specific Identity Providers (IdPs).

This article provides information about some known issues with specific IdPs.

Information

ADFS

Issue: Responder error with details mentioning the Scoping element

Fix: Select the Include Scoping checkbox in Advanced Settings.

PingFederate

Issue: A UAT instance does not work in the same browser where a production SSO IdP session existed

Fix: This problem is caused by the way session cookies are handled. You can work around it by always creating a new browser session before testing in UAT.

SiteMinder

Issue: Unable to save IdP metadata in Jive

Fix: OpenSAML has a bug where the validUntil timestamp on the IdP metadata's IDPSSODescriptor is checked incorrectly, and will only pass validation if the timestamp is invalid. The workaround is to remove the IDPSSODescriptor validUntil attribute from the metadata.
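The workaround above can be scripted. The following is an added example, not code from Jive or SiteMinder: the function name, the sample metadata and the idp.example.test URLs are constructed for illustration. It removes validUntil only from IDPSSODescriptor elements and reports whether the metadata carries an XML signature, because editing signed metadata means the signature no longer matches the content.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Keep the conventional prefixes when the document is serialized again.
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample metadata (hypothetical IdP, not taken from a real deployment).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/siteminder" validUntil="2030-01-01T00:00:00Z">
  <md:IDPSSODescriptor validUntil="2030-01-01T00:00:00Z"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def strip_valid_until(metadata_xml):
    """Remove validUntil from every IDPSSODescriptor.

    Returns (cleaned_xml, removed_values, was_signed).
    """
    root = ET.fromstring(metadata_xml)
    removed = []
    # iter() also visits the root, so a bare IDPSSODescriptor document works.
    for descriptor in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        value = descriptor.attrib.pop("validUntil", None)
        if value is not None:
            removed.append(value)
    # Signed metadata: once an attribute is removed, the signature no longer
    # matches, so expect to import the file without signature validation or
    # to request unsigned metadata from the IdP team.
    was_signed = root.find(f".//{{{DS}}}Signature") is not None
    return ET.tostring(root, encoding="unicode"), removed, was_signed


if __name__ == "__main__":
    cleaned, removed, was_signed = strip_valid_until(SAMPLE)
    print(f"removed validUntil values: {removed}")
    print(f"metadata was signed: {was_signed}")
    print(cleaned)
```

The validUntil on the enclosing EntityDescriptor is left in place, since the workaround concerns only the IDPSSODescriptor attribute.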

 

Issue: AudienceRestriction attribute contains incorrect or multiple entity IDs for Jive instance

Fix: This problem occurs when the SP profile name in SiteMinder is not the same as the entityID in Jive, causing a validation error.

  1. Priyanka Bhotika
