Interesting issue that we are encountering with a client who is attempting to use Google as their SAML identity provider.
We configured it and are able to log in with a SAML account created in LFDS. Then we attempted to set up a linked identity provider to link the Google accounts with the on-premise Windows accounts. Once we did that, we are still able to log in but can only see folders that everyone has access to.
Once we add groups to be included in the SAML response, we observe that the groups claim is not being included in the SAML response. Then, when we attempt to log in, we encounter the following error message:
{"errorCode":null, "ShowReturnLink":true, "Error":true, "Message":"The identity provider may not be configured correctly. Contact your administrator: The server is not operational.\r\n"}
If we revert the changes, then the same message continues to occur.
Any ideas on what might be going on here? We had implemented this in version 11 prior and it "seems" it was successful. The client was simply supposed to add the corresponding groups so that they are included in the SAML response. This was put on hold until they updated to version 12 (Spring Release) and we are now seeing this behavior.
Any ideas?