AzureAD SSO Connection Fail [FR][EN]
Hello,
I followed the procedure to activate SSO via Azure AD and nothing works. I do see successes in the Azure logs indicating that the connection works, but on Rainbow I end up with these messages. One or the other, depending on whether I go through Rainbow (error 1) or the Azure connection test (error 2):
"SAML Assertion signature check failed! (checked 1 certificate(s))" (error code: 500000)
"Assertion can't be decrypted: cookie 'SamlRequestId' is missing" (error code: 400000)
Thanks in advance for your help.
Hi,
I did and redid the whole procedure: https://support.openrainbow.com/hc/fr/articles/360008866099-How-to-Activate-the-Single-Sign-On-between-Azure-Active-Directory-and-my-Company-using-SAML-EN-
When I check the Azure AD log, I see it's granted, but when I test, I have 2 errors:
"SAML Assertion signature check failed! (checked 1 certificate(s))" (error code: 500000)
or
"Assertion can't be decrypted: cookie 'SamlRequestId' is missing" (error code: 400000)
Do you have any idea?
Thanks
-
Hello,
My Rainbow user (claire.dechriste@al-enterprise.com) is public, you can invite me to join your network in Rainbow.
-
Hello,
An issue might happen in some cases on new SAML configurations since the introduction of Advanced parameters.
It will be fixed in the next version 83.
But meanwhile here is a workaround:
Select SAML "Advanced options", first uncheck, then check again the box "allow unencrypted assertion", then save the configuration.
If this does not work, please open a case on Rainbow support side.
Regards,
Claire Dechristé
-
Hello,
- If you are an ALE Business Partner, you can, as with other ALE products, open a ticket on the business portal (https://businessportal.al-enterprise.com/).
- If you are an end customer managed by an ALE Business Partner, please contact them.
- If you are an end user not yet managed by an ALE Business Partner, you can send your question to Emily directly from Rainbow by adding #support to your message or post your question in the Help, Assistance & Support community (https://support.openrainbow.com/hc/en-us/community/topics/115000066190-Help-Assistance-Support). Thanks.
-
Hello,
It happens that the Rainbow LoginEmail is different from the user's email address filled in a directory management service, such as Azure AD.
Most frequent use case: merging Rainbow users previously registered in 2 different directory management services within the same company. Rainbow manages only one: the ID authent is an alias that lets you associate 2 email addresses to connect in SAML or OIDC.
This field is not mandatory.
You may have a look at this article:
Best regards
Nathalie