SAML is one of the more complex authentication protocols to configure. The slightest error can prevent the SAML realm from working.
When Fluid Topics is not able to decode a SAML response, the following log files should provide more information:
- /usr/local/afs7/logs/daemon/fluidtopics.log, which contains the entire Fluid Topics output, including all errors encountered by the server.
- /usr/local/afs7/Fluid-Topics/web/logs/$TENANT_ID.log, which contains only error messages encountered with a specific tenant.

In the log files, SAML errors often start with org.pac4j.saml.exceptions.SamlException.
If using the Active Directory Federation Services (ADFS) component, see the section dedicated to ADFS troubleshooting.
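
To see which SAML errors recur in the log files named above, the following added shell example (not part of the Fluid Topics documentation or product) groups the lines containing org.pac4j.saml.exceptions.SamlException and prints each one with the lines that follow it. The function names and the layout of the sample log lines are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not Fluid Topics code. The exception class comes from the
# page; the log line layout in the sample below is an assumption.
SAML_MARKER='org.pac4j.saml.exceptions.SamlException'

# saml_summary FILE...: group identical SAML errors and count them,
# most frequent first. Text before the class name (timestamp, level) is
# dropped so that repeats of one error collapse into a single row.
saml_summary() {
    grep -h -F -- "$SAML_MARKER" "$@" 2>/dev/null |
        sed 's/.*\(org\.pac4j\.saml\.exceptions\.SamlException.*\)/\1/' |
        sort | uniq -c | sort -rn
}

# saml_context FILE [N]: show each SAML error with its line number and the
# N lines that follow it, where the stack trace and root cause usually are.
saml_context() {
    grep -n -F -A "${2:-5}" -- "$SAML_MARKER" "$1"
}

# write_sample_log FILE: constructed log lines used to exercise the functions.
write_sample_log() {
    cat > "$1" <<'EOF'
2024-01-01 10:00:00 INFO  constructed: server started
2024-01-01 10:01:00 ERROR org.pac4j.saml.exceptions.SamlException: constructed failure A
    at constructed.Frame.one(Frame.java:1)
2024-01-01 10:02:00 ERROR org.pac4j.saml.exceptions.SamlException: constructed failure B
2024-01-01 10:03:00 ERROR org.pac4j.saml.exceptions.SamlException: constructed failure A
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
saml_summary "$sample"
saml_context "$sample" 1
rm -f "$sample"

# On the server, pass the two files named on this page instead, e.g.
# saml_summary /usr/local/afs7/logs/daemon/fluidtopics.log \
#     "/usr/local/afs7/Fluid-Topics/web/logs/$TENANT_ID.log"
```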