Difference between revisions of "Troubleshooting Single Sign On"
Line 19: | Line 19: | ||
|} | |} | ||
== Common Issues == | == Common Issues == | ||
− | + | {| style="width: 100%; height: 100px" border="0" cellpadding="5" | |
− | === | + | ! colspan = "2" style="text-align: left;" | |
− | A common | + | |- |
+ | | style="width: 80%; text-align=left" | | ||
+ | ==="The public certificate used for signing the assertion is not known to the service provider...."=== | ||
+ | A common cause of this error message is that the signing certificate stored in your Identity provider has been renewed and therefore no longer matches the SSO certificate you have stored in Hornbill. Some Identity Providers (such as ADFS) automatically renew signing certificates periodically. By default, the ADFS '''AutoCertificateRollover''' property is set to true so the certificates will change automatically without any direct action. Simply put, this error message indicates that the signing certificate given to Hornbill by your identity provider does not match any of the certificates currently stored in the Hornbill SSO Profile. | ||
====Corrective Action==== | ====Corrective Action==== | ||
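Review bot: the added cell line `| style="width: 80%; text-align=left" |` uses `text-align=left`, which is not a valid CSS declaration inside a `style` attribute, so the alignment is ignored. Write it as `text-align: left`, matching the header row above it. That header row, `! colspan = "2" style="text-align: left;" |`, has no text and can be dropped unless a heading is intended there.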
Line 29: | Line 32: | ||
As a general principle, we advise that the team responsible for security or administration within your company can schedule a task to update the Hornbill SSO profile with the new certificates, prior to their expiry. | As a general principle, we advise that the team responsible for security or administration within your company can schedule a task to update the Hornbill SSO profile with the new certificates, prior to their expiry. | ||
− | For instructions on | + | For instructions on uploading your IdP meta data into the Hornbill SSO Profile (which includes signing certificates) click the following link: [[Single Sign On Profiles#Uploading Your IdP Meta Data into the Hornbill SSO Profile|'''Single Sign on Profiles''']] |
+ | |||
+ | | align="left" | | ||
+ | |||
+ | [[File:certificateExpiryError.jpg|400px|thumb|<div align="center">'''This error message indicates that the certificate given to Hornbill by your identity provider does not match any of the certificates currently stored in the Hornbill SSO Profile. '''</div>]] | ||
+ | |||
+ | |} |
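Review bot: the thumbnail caption on the `[[File:certificateExpiryError.jpg|...]]` line repeats the closing sentence of the error description almost word for word, so the reader sees the same sentence twice side by side. A short caption naming the screenshot would do. The `<div align="center">` wrapper relies on the deprecated `align` attribute, and `style="text-align: center"` is the safer form.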
Revision as of 16:43, 4 January 2019
Introduction
Hornbill's Single Sign On implementation is designed to present you with helpful error messages in situations where something may not be quite right. This page outlines the common scenarios and what to do to overcome them.
Common Issues
"The public certificate used for signing the assertion is not known to the service provider...."
A common cause of this error message is that the signing certificate stored in your Identity Provider has been renewed and therefore no longer matches the SSO certificate you have stored in Hornbill. Some Identity Providers (such as ADFS) automatically renew signing certificates periodically. By default, the ADFS AutoCertificateRollover property is set to true, so the certificates will change automatically without any direct action. Simply put, this error message indicates that the signing certificate given to Hornbill by your identity provider does not match any of the certificates currently stored in the Hornbill SSO Profile.
Corrective Action
This can be rectified by uploading a new certificate key to the Hornbill SSO Profile. Please contact the security or administration team within your company to request a refreshed ADFS Server certificate key.
For instructions on uploading your IdP metadata into the Hornbill SSO Profile (which includes signing certificates), see Single Sign on Profiles.
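The mismatch described above can be checked before users hit the error. The following is an added example, not Hornbill's or Microsoft's code: it extracts the signing certificates from SAML 2.0 IdP metadata and compares their SHA-256 fingerprints with the fingerprints recorded for the SSO profile. The sample metadata, the `idp.example.test` entity ID and the placeholder certificate bytes are constructed, and how you obtain the profile's fingerprints is left as an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of every signing certificate the IdP metadata publishes."""
    prints = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())
            if b64:
                prints.add(fingerprint(base64.b64decode(b64)))
    return prints

def compare(metadata_xml, profile_fingerprints):
    """Diff the IdP's published signing certs against those held in the SP profile."""
    idp, sp = signing_fingerprints(metadata_xml), set(profile_fingerprints)
    return {"missing_from_profile": sorted(idp - sp),  # assertions signed with these fail
            "stale_in_profile": sorted(sp - idp),      # no longer published by the IdP
            "in_sync": idp <= sp}

# Constructed sample: placeholder bytes stand in for real DER certificates.
OLD, NEW, ENC = b"constructed-old-signing", b"constructed-new-signing", b"constructed-encryption"

def _kd(use, der):
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{base64.b64encode(der).decode()}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')

SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _kd("encryption", ENC) + _kd("signing", OLD) + _kd("signing", NEW)
    + '</IDPSSODescriptor></EntityDescriptor>')

if __name__ == "__main__":
    # The profile still holds only the old certificate, as after an IdP rollover.
    print(compare(SAMPLE_METADATA, {fingerprint(OLD)}))
```

A non-empty `missing_from_profile` list is the condition under which the service provider reports that the signing certificate is not known, so it is the signal to upload fresh IdP metadata.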