Troubleshooting SAML SSO

Discover how Pleasant Password Server will enhance KeePass for business

To see SSO error details, please follow instructions for viewing logs (Server & Web) here: increase logging details

If you have an issue that is not resolved by one of the following items, please contact Support, and a Support team member will respond and assist with your issue.


Unable to complete SAML single sign on request

Possible error messages (in the file logging details):

  • CryptographicException: Keyset does not exist
    • This may indicate that the IIS account (used in the Application Pool) does not have read permissions to the imported certificate
  • CryptographicException: Error occurred during a cryptographic operation.
    • This indicates that there is a problem with the decrypting, perhaps because of an invalid machine code or encryption key.

    • Ensure that the connection string and the encryption key is correct in the Service Config utility

    • If you have multiple servers (IIS / IISExpress), there could be a problem with the client hitting two different servers that have different machine codes or different encryption keys. Ensure that there is a machine key that is generated and copied to each of the other IIS / IISExpress machine(s).

    • This is documented in the Cloud Hosting with IIS (step 2):