SAML is one of the more complex authentication protocols to configure. The slightest error can prevent the SAML realm from working.
When Fluid Topics is not able to decode a SAML response, the following log files should provide more information:
- /usr/local/afs7/logs/daemon/fluidtopics.log that contains the entire Fluid Topics output, including all errors encountered by the server.
- /usr/local/afs7/Fluid-Topics/web/logs/$TENANT_ID.log that contains only error messages encountered with a specific tenant.
In the log files, SAML errors often start with org.pac4j.saml.exceptions.SamlException.
If using the Active Directory Federation Services (ADFS) component, see the section dedicated to ADFS troubleshooting.