Custom IDP - Misconfiguration between IDP and SP- URLs, Signing Options, Certificates, Parameters/Formatting

Modified on: Tue, 18 Jun, 2024 at 3:42 PM

Error 1:-

Saml configuration error: saml assertion is not signed. please make the saml assertions are signed in your idp.

Resolution path:

Signing options in Freshworks SAML configuration should match signing options selected in IDP.By Default JumpCloud support Only Signed Response

Login to Freshworks Organisation
Navigate to Security Page and then go to Configured SAML App
Check Signing options in configured SAML app.

Error 2:-

Error while authenticating user: the assertion of the response is not encrypted and the sp requires it

Resolution Path:

In Case of Freshworks SAML app is selected in JumCloud IDP, then disable encrypted assertions in Freshworks Security→ SAML app.

Login to Freshworks Organisation
Navigate to Security Page and then go to Configured SAML App
Disable Encrypted Assertions in configured SAML app under Advanced Options.

Error 3:-

Saml configuration error: invalid audience attribute in the saml response. expected audience: null

Resolution Path:

The metadata url (entity url) of SP, configured in the IDP is wrong.Make sure correct value configured in Freshworks SAML app in JumpCloud IDP.

Error 4:- Whitelabel Error

Resolution Path:

ACS url configured in IDP is not correct. Provide valid ACS URL.

Error 5:-

Saml configuration error: invalid issuer attribute in the saml response. expected issuer value: ~~https://accounts.google.com/o/saml2?idpid=c04ksivtl~~

Resolution Path:

Solution:

Issuer URL(Entity Id) configured in Freshworks Security →SAML app is not matching with entity id sent by IDP in SAML response.

Hence provide valid Issuer URL(Entity Id) copied Freshworks SAML app from JumpCloud(as shown below) and paste it in Freshworks Security →SAML app's Issuer URL field.