SAML is a complex authentication protocol. Configuring an application to use a SAML identity provider requires many steps. The slightest error in the configuration can prevent the SAML connection from working.
For any trouble integrating with an ADFS SAML implementation, refer to the following set of rules, which must be respected for the integration to work.
When the Service Provider is not able to decode a SAML response, the following log files should provide more information:
- /usr/local/afs7/logs/daemon/fluidtopics.log that contains the whole Fluid Topics output. It contains all errors encountered by the server.
- /usr/local/afs7/Fluid-Topics/web/logs/$TENANT_ID.log that contains only error messages encountered with the related tenant.
In the log files, SAML errors often start with org.pac4j.saml.exceptions.SamlException.
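To triage these logs, the following added example (not part of the Fluid Topics documentation or product) groups `SamlException` lines by message and counts them, most frequent first. The sample log layout and messages are constructed for illustration; only the exception class name and the log paths come from this page.

```shell
#!/usr/bin/env bash
# Added example: summarise SAML errors found in Fluid Topics log files.
# Assumption: the error message follows the exception class name on the same line.

SAML_EXC='org.pac4j.saml.exceptions.SamlException'

# saml_error_summary FILE...
# Prints "<count> <message>" for each distinct SamlException message.
# Text before the class name (timestamp, level, thread) is dropped so that
# identical errors group together regardless of when they occurred.
saml_error_summary() {
    awk -v exc="$SAML_EXC" '
        { i = index($0, exc) }
        i > 0 {
            msg = substr($0, i + length(exc))
            sub(/^:?[ \t]*/, "", msg)          # strip ": " after the class name
            if (msg == "") msg = "(no message)"
            count[msg]++
        }
        END { for (m in count) printf "%d %s\n", count[m], m }
    ' "$@" | sort -rn
}

# write_sample_log PATH
# Writes a constructed log excerpt (not real Fluid Topics output) to PATH.
write_sample_log() {
    cat > "$1" <<EOF
2024-01-01 10:00:00 ERROR [http-1] $SAML_EXC: Constructed message: response signature could not be validated
2024-01-01 10:00:05 INFO  [http-2] User logged in
2024-01-01 10:01:00 ERROR [http-3] $SAML_EXC: Constructed message: response signature could not be validated
2024-01-01 10:02:00 ERROR [http-1] $SAML_EXC: Constructed message: assertion is outside its validity window
EOF
}

# Demo on the constructed sample. On a server, pass the real files instead:
#   saml_error_summary /usr/local/afs7/logs/daemon/fluidtopics.log
#   saml_error_summary "/usr/local/afs7/Fluid-Topics/web/logs/$TENANT_ID.log"
sample=$(mktemp)
write_sample_log "$sample"
saml_error_summary "$sample"
rm -f "$sample"
```
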
The Authentication Lifetime and Session Timeout are also a recurring issue with SAML.