Troubleshooting Single Sign-on

After configuring and setting the authentication for Single Sign-on (SSO), perform a test. On a local machine and not a server, test the SSO.

If SSO does not work, use the following table to troubleshoot the problem.

Problem

Solution

A blank Archer Login screen displays.

Verify that LDAP is set up and that users have a domain.

To find the domain, add ssoparameters.aspx to the subdirectory path. For example: inetpub\wwwroot\RSAarcher\ssoparameters.aspx. See Manage LDAP Configuration in the Archer Platform Help.

Be sure that you have defined the domain is correctly in the user profile and that users are logging on to Windows using the same username as defined in the user profile. See "User Access" in the Archer Platform Help.

Getting the standard Login screen after verifying the user domain and LDAP setup.

Repeat the steps in the previous solution.

User login redirects the user to the Archer login page instead of displaying the error log reference ID page. The user is redirected even when the login is successfully authenticated in the identity provider (IDP). This problem arises because ADFS and the Archer machine time settings are not synchronized. So the Archer Web log file could contain information similar to the following:

ID4222: The SamlSecurityToken is rejected because the SamlAssertion.NotBefore condition is not satisfied.

NotBefore: '2016-11-24 12:15:58 PM'

Current time: '2016-11-24 12:08:48 PM'

Ensure that the clock skew time is large enough to accommodate the gap in time or keep both ADFS and the Archer machine synchronized.
 

Problem

Solution

An Authentication failure is displayed with the message: User could not be authenticated. Please contact your administrator. Log Reference ID: XXXX-XXXX-XXXX.

Find the log reference ID in the SAML file for the day the failure occurred. All SAML authentication failures are logged into a date-stamped SAML file. If the cause of the error is still not clear, setting the log level to Info provides additional context in the SAML logs to help with troubleshooting. See Configuring Logging Rules for information about configuring the log level.