SAML 2.0 Integration: Troubleshooting
If you encounter an issue configuring MIDAS to authenticate against your SAML 2.0 Identity Provider, enabling debug logging may help shed light on the issue. With debugging enabled, failed and successful SAML 2.0 authentications will be logged to a "/debug-saml.dat" file in your MIDAS directory.
Warning: It is recommended to only enable debug logging whilst troubleshooting integration with your SAML 2.0 Identity Provider. Once up and running, it's strongly advisable to disable this logging, otherwise the log file can grow to become very large.
Common issues, their causes and resolutions are outlined in the table below:
Symptom | Possible Cause(s) | Resolution |
I don't see a SAML 2.0 option under Manage Users & Permissions → Single Sign-on | Your MIDAS system is not licensed for "Unlimited" users | Upgrade your MIDAS license to "Unlimited" users at mid.as/upgrade |
When accessing MIDAS, users are redirected to the SAML Test Tool (SAMLtest.pl) | Assertion Consumer Service (ACS) URL needs updating after using the SAML Test Tool | Update the Identity Provider Metadata. If you've entered raw XML data in the "Metadata" field (Manage Users & Permissions → SSO → SAML 2.0), then update the ACS URL to reflect the URL of your MIDAS system. If you've specified an Identity Provider's URL in the "Metadata" field, you'll need to update your ACS URL settings on your Identity Provider's platform |
After configuring and enabling SAML 2.0 integration, when I access MIDAS, I still see a sign-in screen | If MIDAS is unable to successfully authenticate with your SAML 2.0 Identity Provider, it will fall back to the standard sign-in screen. | Go to MIDAS Admin Options → Manage Users & Permissions → Single Sign-On (SSO) and check your SAML 2.0 settings are correct. Use our SAML Test Tool to verify your configuration. |
After configuring and enabling SAML 2.0 integration, when I access MIDAS, I still see a sign-in screen | Missing Metadata, certificates, or private key | Check that you have specified your Identity Provider's Metadata and Certificate, and that you've also generated a local Certificate and Private Key. You'll find these settings under MIDAS Admin Options → Manage Users & Permissions → Single Sign-On → SAML 2.0. |
After configuring and enabling SAML 2.0 integration, when I access MIDAS, I still see a sign-in screen | Depending upon your server configuration, your ACS URL may need updating | Ensure that your ACS URL reflects the URL of your MIDAS system. You may need to update the ACS URL by appending "/index.pl" to the end of it |
After configuring and enabling SAML 2.0 integration, when I access MIDAS, I still see a sign-in screen | If a user's MIDAS account has been "suspended", they will be returned to the sign-in screen rather than seamlessly signed-in. | If you've enabled debug logging, this cause will be indicated in the debug log. Go to MIDAS Admin Options → Manage Users & Permissions → Users and check that the user account in question hasn't been suspended. |
After configuring and enabling SAML 2.0 integration, when I access MIDAS, I still see a sign-in screen | Your SAML 2.0 settings are configured to use user permissions from a non-existent user group. | If you've recently renamed or deleted a user group in MIDAS, you may need to update the "Assigned user permissions from" setting. This setting may be found under MIDAS Admin Options → Manage Users & Permissions → Single Sign-On → SAML 2.0. |
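The two ACS URL rows in the table above (a URL still pointing at SAMLtest.pl, and a URL that needs "/index.pl" appended) can be checked from the raw metadata XML before pasting it into the "Metadata" field. The following is an added example, not part of MIDAS or its documentation; it assumes standard SAML 2.0 metadata containing an AssertionConsumerService element, and the host midas.example.com, the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; midas.example.com is a placeholder host.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://midas.example.com/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://midas.example.com/SAMLtest.pl"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_locations(metadata_xml):
    """Return every AssertionConsumerService Location in the metadata."""
    # Refuse DTDs and entity declarations instead of letting the parser expand them.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD or entities")
    root = ET.fromstring(metadata_xml)
    return [el.get("Location", "")
            for el in root.iter("{%s}AssertionConsumerService" % MD_NS)]


def check_acs(metadata_xml, midas_url):
    """Compare each ACS URL with the MIDAS URL; return a list of findings."""
    want = urlsplit(midas_url)
    base = want.path.rstrip("/")
    findings = []
    locations = acs_locations(metadata_xml)
    if not locations:
        findings.append("no AssertionConsumerService element found")
    for loc in locations:
        got = urlsplit(loc)
        if got.path.lower().endswith("/samltest.pl"):
            findings.append(f"{loc}: still points at the SAML Test Tool")
        elif (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
            findings.append(f"{loc}: scheme or host differs from {midas_url}")
        elif got.path.rstrip("/") not in (base, base + "/index.pl"):
            findings.append(f"{loc}: path is not the MIDAS URL or its /index.pl")
    return findings


if __name__ == "__main__":
    for finding in check_acs(SAMPLE_METADATA, "https://midas.example.com/"):
        print(finding)
```

An empty result means every ACS URL in the metadata matches the MIDAS URL, with or without "/index.pl".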