Error while logging in with SAML credentials
Error while trying to log in using SAML credentials.
Overview: This article describes troubleshooting steps for common SAML login errors including invalid_response due to incorrect signing certificates, issues with Entity ID mismatches, and timestamp validation errors.
Step 1: Correct Signing Certificate
- If you encounter the following errors, ensure the correct signing certificate is provided under Settings > SAML > Signing Certificate. Ensure characters are accurately copied without omissions:
Step 2: Verify Entity ID
- If you encounter errors related to incorrect Entity ID, verify and correct it under Settings > SAML > Entity ID to match expected values:
Step 3: Verify Server Time
- If you encounter the following error, ensure the server time is accurate to resolve timestamp validation issues:
invalid_response
Could not validate timestamp: not yet valid. Check system clock.
Request ID: ONELOGIN_470f247589c4d84fc203d642d825d65e0e0bcabe
Not authenticated
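To see how far the server clock is from the window the identity provider issued, the following added example (not code from Ezeelogin or OneLogin) reads the Conditions NotBefore / NotOnOrAfter attributes from a base64 SAMLResponse and compares them with a given clock reading. The function names, the skew parameter and the sample response are assumptions constructed for illustration; the check is diagnostic only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real IdP), valid for 5 minutes.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions NotBefore="2024-05-01T10:00:00Z" '
    'NotOnOrAfter="2024-05-01T10:05:00Z"/></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T10:00:00Z."""
    value = value.rstrip("Z").split(".")[0]  # drop the Z and any fractional seconds
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_conditions(saml_response_b64, now, skew_seconds=0):
    """Return (status, detail) for the Conditions window as seen at time `now`."""
    # Diagnostic only: the signature is NOT verified here.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    cond = root.find(".//saml:Conditions", SAML_NS)
    if cond is None:
        return "no_conditions", "no Conditions element in the response"
    skew = timedelta(seconds=skew_seconds)  # assumed tolerance; 0 means strict
    not_before = cond.get("NotBefore")
    not_after = cond.get("NotOnOrAfter")
    if not_before and now + skew < parse_instant(not_before):
        behind = (parse_instant(not_before) - now).total_seconds()
        return "not_yet_valid", f"local clock is {behind:.0f}s behind NotBefore"
    if not_after and now - skew >= parse_instant(not_after):
        late = (now - parse_instant(not_after)).total_seconds()
        return "expired", f"local clock is {late:.0f}s past NotOnOrAfter"
    return "valid", "timestamp window accepts the local clock"

if __name__ == "__main__":
    slow_clock = datetime(2024, 5, 1, 9, 58, 30, tzinfo=timezone.utc)  # 90s slow
    print(check_conditions(SAMPLE_B64, slow_clock))
```

A "not_yet_valid" result with a small offset points to a server clock running behind the identity provider; correcting time synchronisation on the server is the fix rather than widening the tolerance.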
These steps help diagnose and resolve common SAML login errors, ensuring smooth authentication processes.
Step 4: Check the application log
If you encounter the following error, check the application logs:
SAML Response not found, Only supported HTTP_POST Binding
root@gateway:~# cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/logs/
or
root@gateway:~# ( cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/logs/ && tail -f $(ls -t log-*.php | head -n 1) )