Community Help

GideonWilliams

Our Microsoft SSO with Canvas has simply stopped working and we now get an error message.

We've deleted all instances of it in Microsoft and Canvas and followed both help guides but still no ball. An hour with Microsoft Tech support has not got us any closer to solving the problem.

The error is AADSTS700016: which basically says that the SAML identifier URL from Canvas is not being found in our tenancy.

Hugely frustrating as its rollover course and users week!

Anyone had any issues recently?

JulianMould

Hi Gideon,

Was sorry to read about this issue.

Can you say what support strategies the Microsoft Tech Support offered?

Be good to know what they tried to solved the problem.

Ever helpful ChatGPT offers the below advice, but guessing that Microsoft effectively explored this already?

---------------------------------------------

"The error message AADSTS700016 indicates that the SAML identifier URL from Canvas cannot be found within your Microsoft tenancy, which is causing the authentication to fail.

Here are some steps and considerations that might help you troubleshoot and potentially resolve the issue:

Double-check SAML Configuration:
- Ensure that the SAML configuration settings in both Canvas and Azure Active Directory (AAD) are correct and match exactly. This includes the Entity ID, Assertion Consumer Service (ACS) URL, and the SAML signing certificate.
Check Permissions and Roles:
- Ensure that the account you are using to configure SSO in Azure AD has the necessary permissions to manage applications and SSO settings.
Review Azure AD Logs:
- Check the Azure AD logs for any specific error messages or events related to the SAML authentication attempts. This might provide more detailed information about why the SAML identifier URL is not being found.
Clear Cache and Cookies:
- Sometimes, browser cache or cookies can interfere with SSO. Try clearing cache and cookies in your web browser or using an incognito/private browsing window to see if that resolves the issue.
Verify Network Connectivity:
- Ensure that there are no network issues that could be affecting the communication between Canvas and Azure AD.
Review Recent Changes:
- If possible, review any recent changes made to either the Canvas configuration or the Azure AD settings. Sometimes seemingly unrelated changes can impact SSO functionality.
Escalate with Support:
- If Microsoft Tech Support hasn't provided a solution, consider escalating the issue with them to higher support levels or reaching out to Canvas support as well. They might have insights or experience with similar issues.
Temporary Workarounds:
- As a temporary measure, you might consider reverting to manual authentication methods or using alternative SSO configurations if available, to ensure minimal disruption to your users.

Given the urgency of your situation with the start of a new course and user activities, expedited support from both Microsoft and Canvas would be crucial. Documenting the steps you've taken and any error messages encountered can also help speed up the troubleshooting process with support teams.

I hope these suggestions help you make progress towards resolving the SSO issue promptly!"

Cheers

Julian Mould (SCEA)

View solution in original post

JulianMould

Hi Gideon,

Was sorry to read about this issue.

Can you say what support strategies the Microsoft Tech Support offered?

Be good to know what they tried to solved the problem.

Ever helpful ChatGPT offers the below advice, but guessing that Microsoft effectively explored this already?

---------------------------------------------

"The error message AADSTS700016 indicates that the SAML identifier URL from Canvas cannot be found within your Microsoft tenancy, which is causing the authentication to fail.

Here are some steps and considerations that might help you troubleshoot and potentially resolve the issue:

Double-check SAML Configuration:
- Ensure that the SAML configuration settings in both Canvas and Azure Active Directory (AAD) are correct and match exactly. This includes the Entity ID, Assertion Consumer Service (ACS) URL, and the SAML signing certificate.
Check Permissions and Roles:
- Ensure that the account you are using to configure SSO in Azure AD has the necessary permissions to manage applications and SSO settings.
Review Azure AD Logs:
- Check the Azure AD logs for any specific error messages or events related to the SAML authentication attempts. This might provide more detailed information about why the SAML identifier URL is not being found.
Clear Cache and Cookies:
- Sometimes, browser cache or cookies can interfere with SSO. Try clearing cache and cookies in your web browser or using an incognito/private browsing window to see if that resolves the issue.
Verify Network Connectivity:
- Ensure that there are no network issues that could be affecting the communication between Canvas and Azure AD.
Review Recent Changes:
- If possible, review any recent changes made to either the Canvas configuration or the Azure AD settings. Sometimes seemingly unrelated changes can impact SSO functionality.
Escalate with Support:
- If Microsoft Tech Support hasn't provided a solution, consider escalating the issue with them to higher support levels or reaching out to Canvas support as well. They might have insights or experience with similar issues.
Temporary Workarounds:
- As a temporary measure, you might consider reverting to manual authentication methods or using alternative SSO configurations if available, to ensure minimal disruption to your users.

Given the urgency of your situation with the start of a new course and user activities, expedited support from both Microsoft and Canvas would be crucial. Documenting the steps you've taken and any error messages encountered can also help speed up the troubleshooting process with support teams.

I hope these suggestions help you make progress towards resolving the SSO issue promptly!"

Cheers

Julian Mould (SCEA)

GideonWilliams

Many thanks Julian. I will pass this on to the IT team. Microsoft coming back to us hopefully soon.

SSO, Microsoft and Canvas

Canvas login issues

Rollover and 2 Year Courses and Short Names

Issue with Changing Password for Canvas Account Cr...

Grades not showing the grades grid for one instruc...

Importing Google Classroom content into Canvas