SAML is a complex authentication protocol. Configuring an application to use a SAML identity provider requires many steps. The slightest error in the configuration can prevent the SAML connection from working.
When the Service Provider is not able to decode a SAML response, the following log files should provide more information:
- /usr/local/afs7/logs/daemon/fluidtopics.log, which contains the whole Fluid Topics output, including all errors encountered by the server.
- /usr/local/afs7/Fluid-Topics/web/logs/$SERVICE_ID-$SERVICE_STATUS.log, which contains only the error messages encountered with the service_number/service_status tenant.
In the log files, SAML errors often start with org.pac4j.saml.exceptions.SamlException.
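One way to pull these entries out of either log file and group them by message, as an added example (not Fluid Topics code). It assumes the usual Java stack-trace layout ("at ..." frames, "Caused by:" lines); the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Class name as written on the page; matched case-insensitively so a
# capitalisation difference in the real log does not hide entries.
SAML_EXC = re.compile(
    r"org\.pac4j\.saml\.exceptions\.SamlException(?::\s*(?P<msg>.*))?", re.I)
CAUSE = re.compile(r"^\s*Caused by: (?P<cls>[\w.$]+)")
FRAME = re.compile(r"^\s+(?:at |\.\.\. \d+ more)")

def saml_errors(lines):
    """Return one record per SamlException: line number, message, root cause."""
    records, current = [], None
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        hit = SAML_EXC.search(line)
        if hit:
            current = {"line": number, "root_cause": None,
                       "message": (hit.group("msg") or "").strip()}
            records.append(current)
        elif current is not None and (cause := CAUSE.match(line)):
            current["root_cause"] = cause.group("cls")  # last one wins
        elif not FRAME.match(line):
            current = None  # an unrelated log line ends the stack trace
    return records

def summarize(records):
    """Count how often each distinct SamlException message occurs."""
    return Counter(r["message"] for r in records)

# Constructed sample; the line layout and messages are assumptions.
SAMPLE_LOG = """\
2024-01-01 10:00:00 ERROR [http-1] Login failed
org.pac4j.saml.exceptions.SamlException: Constructed message A
\tat com.example.Handler.handle(Handler.java:10)
Caused by: java.lang.IllegalStateException: constructed cause
\tat com.example.Validator.check(Validator.java:42)
\t... 12 more
2024-01-01 10:05:00 INFO [http-2] Unrelated line
2024-01-01 10:06:00 ERROR [http-3] org.pac4j.saml.exceptions.SamlException: Constructed message A
2024-01-01 10:07:00 ERROR [http-4] org.pac4j.saml.exceptions.SamlException: Constructed message B
""".splitlines()

if __name__ == "__main__":
    import sys
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for message, count in summarize(saml_errors(source)).most_common():
        print(f"{count:4d}  {message}")
```

Run it with the path of one of the log files above as the only argument; without an argument it processes the constructed sample.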
The Authentication Lifetime and Session Timeout are also a recurring issue with SAML.