Troubleshooting SSO
When
Common error messages
A valid SubjectConfirmation was not found on this Response
This could indicate there is a mismatch between the Recipient and Destination URLs. Check in the SAML response XML if Recipient and Destination URL's match. When it does not match it should be configured in your SAML provider.
Unknown AssertionConsumerServiceURL
The URL in the configuration file is probaby incorrect. Check your wbe.config.yml file and look at the app.url variable. That should match the domain that is used to access WriteBackExtreme
SSO Login in management console works but not in extension
The return url that ends with auth/saml/login-return is probably not added to the Assertion Consumer Service URLs in your SSO provider
Cannot login in management console with SSO
Check if the user that is trying to login has permissions to view the management console. He should be either admin or have at least one role attached. And he should not be blocked
Check the logs in the management console. (Info & License->System Logs, click the log of that specific day) Maybe there is a clue stored in there.
Check the attributes in your IDP provider. The username should match the username that you have in the management console.
Authentication method by which the user authenticated with the service doesn't match requested authentication method
This problem occures/happends, because of the way how the session authentication method (SAML AuthnRequest) is configured on the other SSO app. WritebackExtreme by defaults use “Password, ProtectedTransport” as request authentication method.
Solution
We have added a configuration variable to allow all options, but allow any cross request authentication method. Within the wbe.config.yaml file set the following variable to not strictly check on the cross request authentication method:
env:
portal:
saml:
requested_auth: falseWas this helpful?