SSO Issues

This guide is aimed at LMS administrators as well as imc support and incident management, to help identify possible root causes of SSO login issues.

1. Questions for the Customer/Administrator

  • Are you aware of any change in the IAM/IdP service, and if so, what has been changed?

  • Check if the IAM/IdP is available and works with other systems

  • Check if it affects all users or only a few/single users

  • Check if affected users are correctly created in the IAM System

  • Check if the user has the necessary permissions and that the correct group is set in the IAM (Identity and Access Management) policy.

  • Check if the user account is locked; if so, unlock it through the IAM system.

  • Provide a SAML test user for IMC.

2. Troubleshooting Tools

  • Browser Developer Tools: Useful for analyzing SAML tokens and network traffic.

How to generate a HAR and log file in Chrome?
  • Open Google Chrome.

  • In Chrome, go to the webpage in question.

  • Select the Chrome menu > More Tools > Developer Tools.

  • Select the Network tab.

  • In the Network tab, select the Preserve log option.

  • Start recording by selecting the red circle at the top left of the Network tab.

  • Refresh the page and allow Chrome to record the browser-website interaction.

  • Once the page is loaded, select the Console tab, right-click in the console box and choose "Save as...". Name the file as you prefer.

  • Go back to the Network tab, right-click any entry and select "Save HAR with content".

  • Upload HAR and log files to the DESK ticket.

[Screenshot: generating a HAR and log file in Chrome]
How to generate a HAR and log file in Firefox?
  • Open Firefox.

  • In Firefox, go to the webpage in question.

  • Select the Firefox menu > Web Developer > Network.

  • In the center of the Network tab, select refresh.

  • Refresh the page and allow Firefox to record the browser-website interaction.

  • Once the page is loaded, right-click any entry and select "Save All As HAR".

  • Select the Console tab, right-click in the console box, then choose Select All and Copy Message.

  • Copy log messages to the preferred text editor.

  • Upload the HAR and log files to the DESK ticket.

[Screenshot: generating a HAR and log file in Firefox]
  • SAML Tracer: A browser extension to inspect SAML requests and responses.

Carry out the following steps to perform a SAML trace in your browser:
  1. Use the following links to download and install the SAML tracer plug-in for your browser:

  2. Once the plug-in has been added, click on the newly added SAML Tracer icon in the add-in menu at the top right of the corresponding browser. This will open the SAML Tracer dialogue box.

  3. Try to log in to the LMS using the login information.

    The details shown below are recorded and displayed in the "SAML Tracer" dialogue box. Note the occasional SAML tags on the right-hand side, which indicate that SAML assertions are being passed.

    [Screenshot: performing a SAML trace]

  4. After the login attempt fails, in the SAML Tracer dialogue box, navigate to the Export tab > select Mask values > click the Export button.

    A JSON file is downloaded to your system.

  5. Share the JSON file (.json format) with us in the IMC Service Desk.


3. IMC Checks

A. Certificate Issues

  • Verify that SSL/TLS certificates on both the Identity Provider (IdP) and Service Provider (SP) are current.

  • Ensure certificates are properly signed and meet security requirements.

B. Misconfiguration

  • SP and IdP Metadata: Ensure Service Provider and Identity Provider metadata are configured and synchronized properly.

  • Audience Restriction: Make sure the audience value in the SAML response matches what the Service Provider expects.

C. LMS Configuration

  • Configuration → SAML, Open ID, Crowd SSO

  • Clients → SAML entity ID (note the system context)


4. Common Errors and Suggestions

Error Code                | Description                                            | Solution
--------------------------|--------------------------------------------------------|-----------------------------------------------
401 Unauthorized          | Access denied, possibly due to incorrect credentials.  | Check credentials and permissions.
403 Forbidden             | The account or group lacks permission.                 | Adjust the access settings.
500 Internal Server Error | Server error, often indicating a configuration issue.  | Check server and network settings.
SAML Assertion Error      | Invalid or missing SAML token.                         | Verify the SAML configuration.
Clock Skew Error          | Time mismatch between servers.                         | Check the NTP server and synchronize the time.
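The audience-restriction check from section 3.B and the SAML assertion and clock-skew rows above, as an added example that is not the LMS's or imc's own code: a script that runs those checks over a decoded SAML response of the kind a SAML tracer export contains. The entity IDs, URLs and timestamps are constructed placeholders, and the script does not verify the XML signature, which the SP must still do.

```python
"""Sanity checks on a decoded SAML Response: Issuer, Audience and the
Conditions time window with an allowed clock skew. Constructed example;
entity IDs and timestamps are placeholders. Signature is NOT verified."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (already base64-decoded), as a SAML tracer would show it.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-05-01T10:00:00Z" Destination="https://lms.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://lms.example.test/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, idp_entity_id, sp_entity_id, now, skew=timedelta(seconds=60)):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (missing SAML token)"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != idp_entity_id:
        findings.append(f"Issuer {issuer!r} does not match IdP entity ID {idp_entity_id!r}")
    # Audience must contain the SP entity ID configured under Clients -> SAML entity ID
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append(f"Audience {audiences} does not contain SP entity ID {sp_entity_id!r}")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:  # tolerate a small clock difference between IdP and SP
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_ts(nb):
            findings.append(f"NotBefore {nb} is in the future: check clock skew")
        if noa and now - skew >= parse_ts(noa):
            findings.append(f"NotOnOrAfter {noa} has passed: expired or clock skew")
    return findings
```

Run it against the decoded SAMLResponse from a tracer export with the SP's real entity ID and the current UTC time; a non-empty findings list points to the matching row in the table.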


5. Log Analysis

  • IDM & ILS Logs: These often indicate if the issue originates from the Identity Provider, such as missing permissions or certificate issues.

  • Browser Console Logs: For front-end SSO, the browser console can help detect JavaScript or network exceptions.

  • SAML Tracer: The exported trace (see section 2) shows the actual SAML requests and responses exchanged between the browser, the IdP and the LMS.
