Frequently Reported SAML Issues
Frequently Reported SAML Issues
Here is a list of commonly seen reasons that SAML integration does not work. They can be identified from the relevant details in the logs.
Time on the server is not synchronized with NTP servers Timestamps in SAML requests and responses are used to ensure the integrity and validity of the authentication process. When the time of the service provider deviates too much from the identity provider, the identity provider will refuse proceeding. This tolerance is usually 1 minute. To solve this problem, the time of PoolParty server needs to be configured to synchronize with NTP servers automatically.
Logout from PoolParty does not log a user out from the IDP When logging out from PoolParty using the logout button at the upper right corner of PoolParty GUI, it can happen that the window reloads and the user is again logged in to PoolParty. This is because the user is still logged in from the perspective of the IDP, so the user's access to login screen after the "logout" is again authenticated, as if the user can never log out from PoolParty. This phenomenon is bound to the implementation and configuration of the IDP. PoolParty does inform the IDP about the logout activity properly. It is up to the IDP to decide if the user will be logged out globally. This is the default behavior of some IDPs, but other IDPs will ignore it and further configuration is necessary at the IDP side.