You are here

Troubleshooting SAML SSO

Use this information to troubleshoot common SAML SSO related issues.

Alfresco Share Single Sign-On page not displayed

Verify that you are using a SAML-enabled network.

Ensure that the IdP administrator checks the IdP server logs. 

Unable to login to Alfresco Share

Verify the IdP certificate expiry date.

Ensure that you are using a valid IdP certificate.

Ensure that the IdP administrator checks the IdP server logs.

If a user exists in the IdP but cannot log on to Alfresco Share, then the network administrator should check that the user has an email address configured in the IdP. For security reasons, check that the email domain matches the network domain. For example, if the network domain is abc.com, then the email addresses should end with @abc.com.

Error message "System error. Please contact your system administrator."

Check the IdP server logs.

Verify that you have specified correct or valid URLs in the IdP settings section of SAML page in the Admin Console. For example, that you have not entered https://your-idp-hostname:your-idp-port/idp/SSO.saml2 instead of https://your-idp-hostname:your-idp-port/idp/SLO.saml2 in the IdP SingleLogoutRequest Service URL: textbox.

Error message "Page not found."

Ensure that the IdP administrator checks the IdP server logs.

Verify that you have specified the correct URL or port number in the IdP settings section of SAML page in the Admin Console. For example, that you have not entered https://your-idp-hostname:your-idp-port/idp/SSO.saml2 instead of https://your-idp-hostname:your-idp-port/idp/SLO.saml2 in the IdP SingleLogoutRequest Service URL: textbox.

Error message "HTTP Error 404"

Check the IdP server logs.

Verify that the URL specified in the IdP settings section on Alfresco Share Single Sign-On page contains the relevant SSO/SLO information. For example, check that you have not entered https://your-idp-hostname:your-idp-port instead of https://your-idp-hostname:your-idp-port/idp/SLO.saml2 in the IdP SingleLogoutRequest Service URL: textbox.

General troubleshooting tips

Check the IdP server logs.

Verify the IdP URLs for SSO/SLO against the IdP metadata.

Check the network connectivity to the IdP server URLs in terms of the scheme (https), host name, port and the rest of URL. 

Compare the IdP certificate to the IdP metadata.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.