Troubleshoot SAML errors
Most SAML errors are due to misconfiguration of the SAML Service Providers (SP) or the SAML Identity Provider (IdP). Ensure all SAML configuration settings match between your DigiCert® Trust Lifecycle Manager profile and your SAML IdP.
You can troubleshoot errors with SAML enrollment requests by checking the audit log messages under the Reporting & Auditing > Audit logs menu in the DigiCert® Trust Lifecycle Manager application, paying attention to log entries with a FAILURE status.
Inspect SAML traffic via browser extension
Browser extensions can aid with troubleshooting by allowing you to clearly see SAML requests and responses, for example the SAML DevTools extension for Chromium-based browsers (Chrome and Edge).
The SAML extension is visible when running the browser in Inspect mode. Use the SAML extension panel to ensure that SAML enrollments are sent.
Audit logs
Troubleshoot errors with SAML enrollment requests by checking audit log messages.
To troubleshoot SAML enrollment request errors:
In DigiCert® Trust Lifecycle Manager, navigate to Reporting & Auditing > Audit logs.
Look for log entries with a FAILURE status.
Commonly encountered SAML error messages follow:
Example SAML errors | Resolution |
---|---|
| Make sure that your IdP solution uses NTP so that digitally signed SAML Assertions can be validated successfully. |
| Check your SAML IdP configuration and make sure the correct Profile ID is configured. |
| Check your SAML settings within the profile and make sure the correct IdP issuer value is configured. |
| Check your SAML settings within the profile and make sure that the correct SAML IdP certificate value is configured. |
| |
| Check the SP’s certificate that you uploaded in the IdP settings when you enabled SAML Response encryption. |
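
The checks behind three of the resolutions above (clock drift, IdP issuer value, IdP certificate value) can be run offline against a base64 SAMLResponse copied from the browser extension. This is an added example, not DigiCert code: the function names, the sample issuer and the placeholder certificate bytes are assumptions, the expected fingerprint is taken as lowercase SHA-256 hex, and the script is diagnostic only (it does not verify the signature).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder issuer, timestamps and "certificate" bytes.
SAMPLE_CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_RESPONSE = base64.b64encode(f"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="{NS['a']}"
 xmlns:ds="{NS['ds']}"><saml:Assertion><saml:Issuer>https://idp.example.test/saml</saml:Issuer>
<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z"/>
</saml:Assertion></samlp:Response>""".encode())

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-05-01T10:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(b64_response, expected_issuer, expected_cert_sha256,
             now=None, skew=timedelta(0)):
    """List likely misconfigurations. Diagnostic only: no signature check."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml)
    now = now or datetime.now(timezone.utc)
    if root.find(".//a:EncryptedAssertion", NS) is not None:
        return ["assertion is encrypted: decrypt with the SP key to inspect it"]
    findings = []
    issuer = root.findtext(".//a:Assertion/a:Issuer", namespaces=NS)
    if issuer is None or issuer.strip() != expected_issuer:
        findings.append(f"issuer mismatch: response carries {issuer!r}")
    cond = root.find(".//a:Assertion/a:Conditions", NS)
    if cond is not None:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < parse_ts(nb):
            findings.append("not yet valid: compare IdP and SP clocks (NTP)")
        if noa and now - skew >= parse_ts(noa):
            findings.append("expired: compare IdP and SP clocks (NTP)")
    cert = root.findtext(".//ds:X509Certificate", namespaces=NS)
    if cert is None:
        findings.append("no embedded signing certificate to compare")
    elif hashlib.sha256(base64.b64decode(cert)).hexdigest() != expected_cert_sha256:
        findings.append("signing certificate differs from the configured one")
    return findings
```

An empty list means none of the three settings looks wrong; pass `skew` to see whether a small clock tolerance would have accepted the assertion.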