...
Note | Starting with Java 1.8.0_162, JCE unlimited policy is enabled by default. You no longer need to install the policy file in the JRE or set the security property crypto.policy. |
---|---|
Debugging
The saml.log.level property can be set in uc.properties to enable debug logging for the SAML framework. However, as a best practice, saml.log.level should remain at INFO under normal operation.
...
An administrator can turn on/off and configure SAML Single Sign-On through the user interface.
Note | Each Universal Controller cluster node maintains its own Single Sign-On Settings configuration, associated by Node Id. Therefore, you must complete the Single Sign-On Settings configuration for each deployed cluster node, including the Active node and any Passive nodes. The Identity Provider Metadata File and KeyStore File, by default located under ${catalina.base}/conf/saml/, must be accessible to each cluster node. |
---|---|
Step 1 | From the Administration navigation pane, select Configuration > Single Sign-On Settings. The Single Sign-On Settings page displays. |
---|---|
Step 2 | Enter / select your Single Sign-On Settings, using the field descriptions below as a guide. |
Step 3 | Click the Update button. |
...
Universal Controller Uninitialized | While the Universal Controller web application is initializing, the user login flow cannot proceed. Any users attempting to authenticate with SAML at this time receive the following error: |
---|---|
User Account Not Found | Any SAML-authenticated user who cannot be linked to a user account in the Universal Controller database is prohibited from accessing the application and receives the following error: |
User Account Not Active | Any SAML-authenticated user linked to a Universal Controller user account that is not Active is prohibited from accessing the application and receives the following error: |
Login Method | Any SAML-authenticated user linked to a Universal Controller user account that is not designated to use the Single Sign-On login method is prohibited from accessing the application and receives the following error: |
User Account Locked | Any SAML-authenticated user linked to a Universal Controller user account that is locked is prohibited from accessing the application and receives the following error: |
No Web Browser Access | Any SAML-authenticated user linked to a Universal Controller user account designated with the Single Sign-On login method, but without Web Browser Access, is prohibited from accessing the application and receives the following error: |
Authentication Statement Too Old | If users are already authenticated with their Identity Provider, then depending on how long their Identity Provider allows them to stay authenticated, they could experience an "Error validating SAML message" authentication error when signing into the Universal Controller through single sign-on. |
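
To help diagnose the Authentication Statement Too Old case, the following added example (not part of the Universal Controller documentation or product code) reads a decoded SAML assertion and reports how old its AuthnStatement is compared with a maximum authentication age. The 7200-second limit, the 60-second clock-skew allowance, the function names and the sample assertion are assumptions constructed for illustration, and the script performs no signature validation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample assertion (not captured from a real Identity Provider).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2024-05-01T08:30:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

def parse_instant(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported AuthnInstant format: {value!r}")

def authn_age_report(assertion_xml, now, max_age_seconds, skew_seconds=60):
    """Report the age of each AuthnStatement; diagnostic only, no signature check."""
    root = ET.fromstring(assertion_xml)
    statements = root.findall(".//saml:AuthnStatement", SAML_NS)
    if not statements:
        raise ValueError("assertion contains no AuthnStatement")
    report = []
    for statement in statements:
        instant = parse_instant(statement.attrib["AuthnInstant"])
        age = (now - instant).total_seconds()
        report.append({
            "authn_instant": instant.isoformat(),
            "age_seconds": int(age),
            # The IdP session is older than the limit the service provider accepts.
            "too_old": age > max_age_seconds + skew_seconds,
            # A future instant points to clock drift between IdP and service provider.
            "in_future": age < -skew_seconds,
        })
    return report

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current" time
    for row in authn_age_report(SAMPLE_ASSERTION, now, max_age_seconds=7200):  # assumed limit
        print(row)
```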