Sitemap

Troubleshooting SAML SSO

Discover how Pleasant Password Server will enhance KeePass for business

To see SSO error details, please follow instructions for viewing logs (Server & Web) here: increase logging details

If you have an issue that is not resolved by one of the following items, please contact Support, and a Support team member will respond and assist with your issue.

 

Unable to complete SAML single sign on request

Possible error messages (in the file logging details):

  • Key Not Found error
    • Pleasant.Identity.Authentication.Saml.Mvc.SamlAuthenticationController
      System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.
    • Resolution:
      • This indicates that the "Name" field (in SAML Partner Configuration) is incorrect
        • Name = Issue URL / Identity Provider Issuer (from your Identity Provider)
      • This can also be found by opening the XML meta file
      • Edit the SAML Partner Configuration
      • Enter this value into "Name" field

 

  • Keyset does not exist
    • This may indicate that the IIS account (used in the Application Pool) does not have read permissions to the imported certificate

 

  • Error occurred during a cryptographic operation.
    • This indicates that there is a problem with the decrypting, perhaps because of an invalid machine code or encryption key.

    • Ensure that the connection string and the encryption key is correct in the Service Config utility

    • If you have multiple servers (IIS / IISExpress), there could be a problem with the client hitting two different servers that have different machine codes or different encryption keys. Ensure that there is a machine key that is generated and copied to each of the other IIS / IISExpress machine(s).

    • This is documented in the Cloud Hosting with IIS (step 2):
      https://keepasshub.com/info/keepass-hub/a-install/iis-hosting/cloud-hosting-with-multiple-iis-servers