You can verify that your SAML SSO setup works by using the nsconmsg command:
nsconmsg -g saml -d current
A successful authentication will result in the saml_assertion_verify_success counter going up.
Here are some areas you should focus on if your SAML SSO isn't working:
saml_assertion_parse_fail
saml_signature_verify_fail
saml_canonicalize_fail
saml_digest_verify_fail
The syntax would be:
nsconmsg -g <one of the counters above> -d current
e.g. nsconmsg -g saml_canonicalize_fail -d current
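The shell function below is an added example, not part of the original article or of the appliance's tooling: it reads saved output of nsconmsg -g saml -d current and reports which of the counters named above increased. It assumes the usual nsconmsg column layout (running total in field 3, delta in field 4, counter name in field 6); the sample rows are constructed.

```shell
#!/bin/sh
# Added example: triage SAML counters from `nsconmsg -g saml -d current` output.
# ASSUMPTION: data rows follow the layout
#   Index rtime totalcount-val delta rate/sec symbol-name&device-no&time
# so field 3 is the running total, field 4 the delta, field 6 the counter name.

# Constructed sample output (not captured from a real appliance).
SAMPLE='Index   rtime totalcount-val      delta rate/sec symbol-name&device-no&time
    0    7000             12          1        0 saml_assertion_verify_success
    1    7000              5          2        0 saml_signature_verify_fail
    2    7000              9          0        0 saml_digest_verify_fail'

saml_triage() {
    # Reads nsconmsg output on stdin and prints one line per counter that moved.
    # Exit status is 1 if any of the four failure counters increased, else 0.
    awk '
        # Only numeric-index data rows for saml_* counters; header lines are skipped.
        $1 ~ /^[0-9]+$/ && $6 ~ /^saml_/ {
            total[$6] = $3      # most recent running total
            moved[$6] += $4     # sum of deltas across the capture
        }
        END {
            names = "saml_assertion_parse_fail saml_signature_verify_fail"
            names = names " saml_canonicalize_fail saml_digest_verify_fail"
            n = split(names, fail, " ")
            ok = "saml_assertion_verify_success"
            if (moved[ok] > 0)
                printf "OK   %s +%d (total %d)\n", ok, moved[ok], total[ok]
            bad = 0
            for (i = 1; i <= n; i++)
                if (moved[fail[i]] > 0) {
                    printf "FAIL %s +%d (total %d)\n", fail[i], moved[fail[i]], total[fail[i]]
                    bad = 1
                }
            exit bad
        }'
}

# Demo on the constructed sample; `|| true` because a failure counter moved.
printf '%s\n' "$SAMPLE" | saml_triage || true
```

To use it on real data, save the command's output to a file while reproducing the login and run saml_triage with that file on stdin.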
ns.log (/var/log/ns.log)
while reproducing the issue. There is a good level of detail here around requests and errors for users authenticating using SAML. In the following screenshot we see that the authentication failed because a signed assertion was expected, but instead was received without any signing info.