Version: 2.2.1

Common errors in authentication via SAML 2.0 with AD FS

This section will present some common errors that may occur during single sign-on via SAML 2.0 with AD FS, and their possible solutions. These errors can be found in the system log file following an error message on the login screen. It is important to remember that, for security reasons, some error messages displayed on the screen may be vague or generic, and you will need to consult the log file for more details about the issue.

Here are some common errors and their solutions:

| Error | Solution |
| --- | --- |
| "Failed to decrypt EncryptedData" | This error occurs when the Java JDK encryption key restriction rules limit keys to 1024 bits. Check the prerequisites in the Authentication in AD FS via SAML 2.0 section. |
| "Time Synchronization" | This error occurs when the SoftExpert Suite server and authentication server clocks are not synchronized. Make sure to synchronize their clocks. |
| After synchronization, the user cannot log in to the system | Check that the user is not inactive or blocked in the Administration component > File > Organizational unit > User (AD004). Also check Department and Access group. |
| Authentication negotiation cannot access the AD FS server | Check that the link https://adfsserver/adfs/ls/IdpInitiatedSignOn.aspx is working correctly, and that the user and password data recognized by the browser are correct. |
| "PKIX path building failed" when validating the certificate | This error may be caused by problems validating certificates between agents. Check possible causes and solutions in the official documentation or seek technical support. |

Keep in mind that these are just some common situations and their possible solutions. Each environment may have particularities, and it is important to consult the official documentation and seek technical support to resolve specific problems related to authentication via SAML 2.0 with AD FS.
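
To help diagnose the "Time Synchronization" row above, the following added example (not SoftExpert or AD FS code) compares a server clock reading with the standard SAML 2.0 `Conditions` validity window of an assertion. The sample assertion, the function names and the `skew` tolerance parameter are assumptions made for illustration; how SoftExpert Suite applies its own clock check is not documented on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an already decrypted assertion fragment (not real output).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2024-05-01T12:00:00.000Z" Version="2.0">
  <saml:Conditions NotBefore="2024-05-01T12:00:00.000Z"
                   NotOnOrAfter="2024-05-01T13:00:00.000Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a UTC xs:dateTime ('Z' suffix, optional fractional seconds)."""
    value = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in value else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def check_validity_window(assertion_xml, sp_now, skew=timedelta(0)):
    """Return (status, offset) for the server clock against the Conditions window."""
    # Diagnostic only: no signature verification, use on captured log data.
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = parse_ts(cond.attrib["NotBefore"])
    not_on_or_after = parse_ts(cond.attrib["NotOnOrAfter"])
    if sp_now + skew < not_before:
        # Server clock is behind the authentication server by at least `offset`.
        return "sp-clock-behind", not_before - sp_now
    if sp_now - skew >= not_on_or_after:
        # Server clock is ahead, or the assertion was replayed after expiry.
        return "sp-clock-ahead-or-expired", sp_now - not_on_or_after
    return "ok", timedelta(0)


if __name__ == "__main__":
    base = parse_ts("2024-05-01T12:00:00Z")
    for label, now in [("2 min behind", base - timedelta(minutes=2)),
                       ("in window", base + timedelta(minutes=30)),
                       ("3 min past expiry", base + timedelta(minutes=63))]:
        print(label, check_validity_window(SAMPLE_ASSERTION, now))
```

An offset reported as `sp-clock-behind` right after a fresh login attempt points at clock drift between the two servers rather than at the user account.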