SAML Troubleshouting

Some errors you may encounter while setting up a connection between OnApp and Identity Provider and how to solve them:

  • missing name_id - make sure that you set up an email for a user on IdP
  • fingerprint mismatch - ensure you are using an appropriate certificate or fingerprint. Note, the certificate takes precedence on the fingerprint if both are indicated
  • Idp cert - the identity provider's certificate must be in PEM format
  • Make sure to access OnApp CP via https before adding the identity provider instance to ensure the links containing in the Metadata file are correct. If the link in the Metadata is incorrect (http instead of https), please delete the IdP instance and create it again having accessed OnApp CP via https.