This article explains how to resolve common errors that users might experience while using Single Sign-On (SSO) in Jamf Pro.
Integrating an Identity Provider (IdP) with Jamf Pro creates the following login errors:
|Error Message||LOG||LOG Message||Cause|
|An error occurred while processing your Single Sign-On request. Contact your administrator for assistance.||org.springframework.security.authentication.AuthenticationServiceException||Error validating SAML message||Invalid Signing Certificate.
Ensure that certificates from your Identity Provider and Jamf Pro are valid.
Remember to refresh Jamf Pro Metadata after making changes.
|An error occurred while processing your Single Sign-On request. Contact your administrator for assistance.||org.springframework.security.authentication.CredentialsExpiredException||Authentication statement is too old to be used||Adjust Token Expiration settings.
Identity Provider and the Jamf Pro Single Sign-On session lifetime are not set to the same value.
|An error occurred while processing your Single Sign-On request. Contact your administrator for assistance.||org.opensaml.common.SAMLException||Metadata includes wantAssertionSigned, but neither Response nor included Assertion is signed||Identity Provider does not sign SAML assertions.
Verify your IdP configuration.
|Access Denied. Contact your administrator to request access to the Jamf Pro server.||User was not mapped to Jamf Pro.
If this happens, check the following:
-Whether the corresponding user or group exists in Jamf Pro
-Your Identity Provider sent the correct values
-User or Group Mapping are correctly configured
When uploading a metadata file to the Jamf Pro server, users might be presented with the following error message: "Metadata file does not contain signing certificate information". This error is displayed when the KeyDescriptor element in the metadata file does not contain the use=signing attribute. The solution is to add the attribute to the file.
When configuring your Identity Provider settings, ensure to assign users to the Jamf Pro application.