Saml Debugger Tips

0 0 139

Blog Headers -- 2000 x 200 (4).png

Howdy! Have you ever run into an issue with your SAML authentication and ran the debugger but didn’t know what to do with the results? Below are the error messages that will occur and what the error indicates.

To run the debugger, you go to the authentication page, and below the SAML auth settings, you will see a button called “Start Debugging.” You will want to press that button to begin and then try to log in in another browser or incognito window. Once you have done that, go back to the debugger and click refresh. If done correctly and if your authentication is set up correctly, you will see a box with the response. 


Error messages:

  • The response is not successful - This error indicates that the IdP could not authenticate the user. This issue is usually on the IdP, and the IdP logs will provide additional information.
  • Could not find a certificate to validate the message - The error indicates that there is no fingerprint in the “Certificate Fingerprint” box. Please insert your certificate fingerprint into the box.
  • No trusted signing key found - This error indicates that the fingerprint certificate is either outdated or incorrect. You will need to retrieve the certificate from your IdP. Here is a guide from the Canvas Community that will assist you. 
  • Unknown User - This error indicates that the user attempting to log in is trying to log in with a username that does not match their username within Canvas. You will need to update the login for the user in Canvas so that it matches the value being sent. You can do this by using the logins.csv. Another important note about this error is that if you receive it, all other auth settings are correct, and authentication is working. Well done!
  • Forwarding user to IdP for authentication - This message indicates that the user was sent to their authentication server to sign in and never made it back to Canvas. This could mean that the configuration on the IdP side is either incorrect or if you are using Google, you haven’t waited 24 hours to propagate the permissions.

If you still have an issue with users logging into Canvas with your SAML integration, don't hesitate to contact support for further assistance.