This article explains how to resolve common errors that users might experience while using Single Sign-On (SSO) in Jamf Pro.
Integrating an Identity Provider (IdP) with Jamf Pro can produce the following login errors:

| Error Message | LOG | LOG Message | Cause |
|---|---|---|---|
| An error occurred while processing your Single Sign-On request. Contact your administrator for assistance. | org.springframework.security.authentication.AuthenticationServiceException | Error validating SAML message | Invalid Signing Certificate. Ensure that certificates from your Identity Provider and Jamf Pro are valid. Remember to refresh Jamf Pro Metadata after making changes. |
| An error occurred while processing your Single Sign-On request. Contact your administrator for assistance. | org.springframework.security.authentication.CredentialsExpiredException | Authentication statement is too old to be used | Adjust Token Expiration settings. Identity Provider and the Jamf Pro Single Sign-On session lifetime are not set to the same value. |
| An error occurred while processing your Single Sign-On request. Contact your administrator for assistance. | org.opensaml.common.SAMLException | Metadata includes wantAssertionSigned, but neither Response nor included Assertion is signed | Identity Provider does not sign SAML assertions. Verify your IdP configuration. |
| Access Denied. Contact your administrator to request access to the Jamf Pro server. | | | User was not mapped to Jamf Pro. If this happens, check the following: whether the corresponding user or group exists in Jamf Pro; whether your Identity Provider sent the correct values; whether User or Group Mapping is correctly configured. |
When uploading a metadata file to the Jamf Pro server, users might be presented with the following error message: "Metadata file does not contain signing certificate information". This error is displayed when the KeyDescriptor element in the metadata file does not contain the use=signing attribute. The solution is to add the attribute to the file.
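The check described above, as an added example that is not part of Jamf's documentation: a Python script that reports the `use` attribute of each IdP KeyDescriptor in a metadata file and adds `use="signing"` where the attribute is absent. The function names, the sample metadata, its entity ID and the certificate placeholder are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
IDP, KEYDESC = f"{{{MD}}}IDPSSODescriptor", f"{{{MD}}}KeyDescriptor"
CERT = f".//{{{DS}}}X509Certificate"
ET.register_namespace("md", MD)  # keep md:/ds: prefixes if the tree is re-serialised
ET.register_namespace("ds", DS)

def parse_metadata(xml_text):
    # SAML metadata needs no DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    return ET.fromstring(xml_text)

def idp_key_descriptors(root):
    return [kd for idp in root.iter(IDP) for kd in idp.findall(KEYDESC)]

def audit_key_descriptors(root):
    """One (use, has_certificate) tuple per IdP KeyDescriptor."""
    return [(kd.get("use"), bool(kd.findtext(CERT, default="").strip()))
            for kd in idp_key_descriptors(root)]

def has_signing_key(root):
    return any(use == "signing" and ok for use, ok in audit_key_descriptors(root))

def mark_untyped_keys_as_signing(root):
    """Add use="signing" where the attribute is absent; returns the count changed.
    Editing invalidates any ds:Signature over the metadata document itself."""
    changed = 0
    for kd in idp_key_descriptors(root):
        if kd.get("use") is None:
            kd.set("use", "signing")
            changed += 1
    return changed

# Constructed sample: entity ID and certificate body are placeholders.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    root = parse_metadata(SAMPLE)
    print(has_signing_key(root), mark_untyped_keys_as_signing(root), has_signing_key(root))
```

Run the audit before uploading; a KeyDescriptor marked only `use="encryption"` is left untouched and still leaves the file without a signing key.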
When configuring your Identity Provider settings, make sure to assign users to the Jamf Pro application.
Just ran into the "An error occurred while processing your Single Sign-On request. Contact your administrator for assistance." error message. After going through settings on both sides a number of times, checking the jamfsoftwareserver.log mentioned skew errors. The JSS server clock was off by a few minutes. Re-synced the clock settings and the issue was resolved.
I run into this issue quite often. Our SSO config is through Google as we are using the Jamf Pro (Cloud version). I can't seem to sort out what the exact issue is that continues to cause this. However, if I open an incognito window or clear the browser cache the issue is temporarily resolved.
Any thoughts?
The certificate is valid till 2021
Settings are all correct as mentioned in the SSO config doc for Google
We seem to get this SSO error frequently and entirely randomly. We use Okta for SSO and sometimes it will work in the same browser in private mode, other times need to use a different browser. Random cache/cookie clean-ups will fix it. So random.
I'm seeing the same issue. Works fine from an incognito window.
Same issue from time to time here. Restarting Tomcat fixed it for me.
A possible way to resolve such an issue is by going to https://portal.office.com and logging out.
I'm seeing the same issue here with Azure AD. Telling users to log out of Office 365 several times a day is not a solution, and no other SSO app we use does that.