Troubleshooting SAML SSO
To see SSO error details, please follow instructions for viewing logs (Server & Web) here: increase logging details.
If you have an issue that is not resolved by one of the following items, please contact Support, and a Support team member will respond and assist with your issue.
Possible error messages (in the file logging details):
- CryptographicException: Keyset does not exist
- This may indicate that the IIS account (used in the Application Pool) does not have read permissions to the imported certificate
- CryptographicException: Error occurred during a cryptographic operation.
This indicates that there is a problem with the decrypting, perhaps because of an invalid machine code or encryption key.
Ensure that the connection string and the encryption key is correct in the Service Config utility
If you have multiple servers (IIS / IISExpress), there could be a problem with the client hitting two different servers that have different machine codes or different encryption keys. Ensure that there is a machine key that is generated and copied to each of the other IIS / IISExpress machine(s).
This is documented in the Cloud Hosting with IIS (step 2):