Troubleshooting SAML SSO
Discover how Pleasant Password Server will enhance KeePass for business
To see SSO error details, please follow instructions for viewing logs (Server & Web) here: increase logging details.
If you have an issue that is not resolved by one of the following items, please contact Support, and a Support team member will respond and assist with your issue.
Unable to complete SAML single sign on request
Possible error messages (in the file logging details):
- Key Not Found error
- Pleasant.Identity.Authentication.Saml.Mvc.SamlAuthenticationController
System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary. - Resolution:
- This indicates that the "Name" field (in SAML Partner Configuration) is incorrect
- Name = Issue URL / Identity Provider Issuer (from your Identity Provider)
- This can also be found by opening the XML meta file
- Edit the SAML Partner Configuration
- Enter this value into "Name" field
- This indicates that the "Name" field (in SAML Partner Configuration) is incorrect
- Pleasant.Identity.Authentication.Saml.Mvc.SamlAuthenticationController
- Keyset does not exist
- This may indicate that the IIS account (used in the Application Pool) does not have read permissions to the imported certificate
- Error occurred during a cryptographic operation.
-
This indicates that there is a problem with the decrypting, perhaps because of an invalid machine code or encryption key.
-
Ensure that the connection string and the encryption key is correct in the Service Config utility
-
If you have multiple servers (IIS / IISExpress), there could be a problem with the client hitting two different servers that have different machine codes or different encryption keys. Ensure that there is a machine key that is generated and copied to each of the other IIS / IISExpress machine(s).
-
This is documented in the Cloud Hosting with IIS (step 2):
https://keepasshub.com/info/keepass-hub/a-install/iis-hosting/cloud-hosting-with-multiple-iis-servers
-