Follow

Single Sign-On (SSO) & SAML 2.0 Troubleshooting

To configure a Single-Sign On (SSO) Provider to connect CustomShow as an accessible application through an SSO Portal, information must be provided to the SSO Provider. The following details the possible values needed for this configuration, and common mistakes noted in past attempts.

  • Connector Type: SAML 2.0
  • SAML Type: IdP-Initiated

 

 

Common SSO Configuration Error Responses

Please take note of the HTTP protocol in the Audience URL, as using HTTPS will result in a connection failure.

When entering the Audience URL, it is crucial to ensure the value is HTTP://app.customshow.com.

If the URL is entered as any other value, the following error will be displayed when attempting to sign into CustomShow through the SSO Provider:

 

SSO_audience_error.png

 

Examining the SAML Response is often the best way to troubleshoot an issue related to the SSO configuration. As an example, a SAML Response may return a value for <AudienceRestriction>. We can see that the value entered for the Audience URL has been incorrectly entered as follows:

<saml:AudienceRestriction>
<saml:Audience>https://app.customshow.com</saml:Audience>
</saml:AudienceRestriction>

As the value is set to https://app.customshow.com, we can confirm that this is incorrect. The SSO configuration must be adjusted to use the correct value, as noted above.

 

Another common mistake is the case-sensitivity for the Consumer Services URLs and the Recipient URL. This value must always be https://app.customshow.com/saml/SSO (or the ACS values noted above). Specifically, the "SSO" part of the URL must be capitalized.

 

An example of an error message stemming from this problem may appear as follows:

sso_error2.png

Again, examining the SAML Response will help us troubleshoot this problem. As an example, we may identify that the value for Destination appears as:

<samlp:Response...
Destination="https://app.customshow.com/saml/sso"
...>

OR

<saml:SubjectConfirmationData...
Recipient="https://app.customshow.com/saml/sso" />

This value must be corrected in the SSO configuration to the correct, case-sensitive value.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request